From: "Ertan Kucukoglu"
To: "Langa Kentane"
Cc: "FreeBSD"
Subject: Re: Squid access list problems
Date: Tue, 21 Sep 1999 18:22:25 +0300

> I cannot get anything thru squid. My browser gives me an access denied
> response.
>
> I looked at my access control in squid.conf and found the ff lines. Can you
> please explain what they mean and how I can change them to give me http and
> ftp access to the net.
>
> The squid.conf lines follow:
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow all
>
> # TAG: icp_access
> # Reply to all ICP queries we receive
> #
> icp_access allow all
>
> Thanks in advance
>
> Cheers
>

Hello,

Let me give my own squid.conf file and explain it. Please make a copy of yours and then try to use the one I give below. I numbered each line for easy explanation. Please remove those numbers when you use it. Here it is:

#####
1) http_port 3128
2) cache_mem 24 MB
3) cache_dir /usr/local/squid/cache 250 16 256
4) acl ozler src 128.0.0.1-128.0.0.50/255.255.0.0
5) acl all src 0.0.0.0/0.0.0.0
6) http_access allow ozler
7) http_access deny all
#####

1) Here you give a port number for squid to set itself. Afterwards, on your client machines, you must use your FreeBSD IP number and this port number for your proxy settings. You may give any number between 1-65535, but it is good, so do not change it.

2) Here you give squid the information about how much RAM it should use. You can give it as much as you want, but be careful. Your FreeBSD uses it too. :-)

3) This line is for your disk cache information. Here we tell squid to use the /usr/local/squid/cache dir for local caching, and that it should use up to 250MB of disk space. The numbers 16 and 256 indicate it should set directories under ../cache like this:

    ../cache/00
    ../cache/01
    ...
    ../cache/0F

and under each of the 16 directories it will create another 256 directories in the same way.

4) Here I am giving the exact answer. This line indicates an access list.
The name ozler holds the 128.0.0.1-128.0.0.50 IP numbers. All belong to the 255.255.0.0 subnet mask. You may change this line like

    acl my_list src 192.168.0.2-192.168.0.15/255.255.255.0

This line says my access list name is "my_list" and it points to IP numbers 192.168.0.2 to 192.168.0.15. All IPs belong to the 255.255.255.0 subnet mask.

5) This line must be in your squid.conf file. Write it as is. The "all" acl contains all IP numbers.

6) Here you allow the "ozler" access list to use your squid proxy. If you use the example I give above (4) it should be "http_access allow my_list". Here you give exact authorization.

7) Leave this line as is. It blocks all attempts to use the proxy.

And tips. Authorization and restriction lines follow the given order. In detail: if you put the lines like below, you are still unable to use your proxy server.

    http_access deny all
    http_access allow my_list

Sorry for my English. And I hope I managed to help.

Regards,
Ertan Kucukoglu
ertan@softhome.net
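
The rule-ordering tip above, as an added example that is not part of the original e-mail and is not Squid's own code: a simplified first-match evaluator in Python. It models only "src" ACLs and, as an assumption, treats a range as the inclusive address range the reply describes (the netmask after a range is ignored); the names parse_conf, decide, REPLY_ORDER and REVERSED are made up for the illustration.

```python
import ipaddress

ACLS = """acl my_list src 192.168.0.2-192.168.0.15/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
"""
# Constructed from the two orderings discussed in the reply.
REPLY_ORDER = ACLS + "http_access allow my_list\nhttp_access deny all\n"
REVERSED = ACLS + "http_access deny all\nhttp_access allow my_list\n"

def parse_conf(text):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {}, []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            addr, _, mask = tok[3].partition("/")
            lo, _, hi = addr.partition("-")
            if mask == "0.0.0.0":
                # A zero netmask matches every client ("acl all").
                lo, hi = "0.0.0.0", "255.255.255.255"
            # Assumption: any other netmask is dropped, the range is kept.
            acls[tok[1]] = (ipaddress.ip_address(lo),
                            ipaddress.ip_address(hi or lo))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP, checking rules in file order."""
    acls, rules = parse_conf(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        # A rule matches only when every ACL named on the line matches.
        if all(n in acls and acls[n][0] <= ip <= acls[n][1] for n in names):
            return action  # first matching rule decides; the rest are skipped
    if not rules:
        return None  # no http_access lines: not modelled here
    # Nothing matched: the result is the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for name, conf in (("reply order", REPLY_ORDER), ("reversed", REVERSED)):
        for client in ("192.168.0.5", "10.1.1.1"):
            print(f"{name:12} {client:12} -> {decide(conf, client)}")
```

With "deny all" first, the client inside my_list is refused because the "all" ACL matches before the allow line is ever read.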