LinuxQuestions.org


sakthi.s 03-30-2007 01:30 AM

How to enable squid proxy to accept webtraffic from two networks
 
Dear All

I have two network segments: one is 192.168.1.0 and the other is 192.168.100.0.
My Airtel broadband connection comes under the 192.168.1.0 network, and the net connection is
shared to users by a squid proxy. I have Red Hat 9, where I have configured a transparent squid proxy.
My proxy server IP is 192.168.1.6, and both networks are connected to my Cisco firewall.

I enabled the access list to ping my proxy server from the 192.168.100.0 network, but my client
PCs are not able to access the internet from the 192.168.100.0 network.

Web traffic is also enabled in the firewall to pass through from 192.168.100.0, but still I am not able to
browse.

Is it required that my proxy server be connected to 192.168.100.0 to receive web traffic?
Enclosed herewith is my squid.conf for your reference.


#acl all src 0.0.0.0/0.0.0.0
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl msn_hosts src "/etc/squid/msn_hosts"
acl allowed_machines src "/etc/squid/allowed_machines"
acl support_staff src "/etc/squid/support_staff"
acl callcenter src "/etc/squid/callcenter"

acl rejected_urls url_regex "/etc/squid/rejected_urls"
acl allowed_urls dstdomain "/etc/squid/allowed_urls"
acl msn dstdomain "/etc/squid/msn"

http_access allow msn_hosts msn
http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
#http_access allow msn_hosts msn
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access allow all

Can anyone help me to solve this.....
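
Added example (not part of the original post, and not Squid's own code): a small Python model of how Squid evaluates the http_access lines above. Lines are checked top to bottom, the ACLs on one line are ANDed, `!` negates, and the first matching line decides. The contents of the /etc/squid/* files are not shown in the post, so every address and pattern below other than the two LAN ranges is a constructed placeholder, and `build_acls` / `evaluate` are hypothetical names.

```python
import ipaddress
import re

# The http_access lines exactly as posted (the commented-out line is omitted).
RULES = """\
http_access allow msn_hosts msn
http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access allow all
"""

def src(*nets):
    nets = [ipaddress.ip_network(n) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)

def dstdomain(*doms):
    # ".example.org" matches the domain itself and any subdomain
    return lambda r: any(r["host"] == d.lstrip(".") or r["host"].endswith(d) for d in doms)

def url_regex(*pats):
    return lambda r: any(re.search(p, r["url"]) for p in pats)

def build_acls(allowed_machines):
    """ACL table; file-backed ACLs use constructed sample contents."""
    return {
        "all": src("0.0.0.0/0"),
        "lan1_blr": src("192.168.1.0/24"),
        "lan2_blr": src("192.168.100.0/24"),
        "msn_hosts": src("192.168.1.20/32"),        # constructed
        "allowed_machines": src(*allowed_machines),  # supplied by caller
        "support_staff": src("192.168.1.30/32"),    # constructed
        "callcenter": src("192.168.1.40/32"),       # constructed
        "rejected_urls": url_regex(r"casino"),      # constructed
        "allowed_urls": dstdomain(".example.org"),  # constructed
        "msn": dstdomain(".msn.com"),               # constructed
    }

def evaluate(acls, req):
    """Return (action, line) for the first line whose ACLs all match."""
    action = None
    for line in RULES.splitlines():
        _, action, *names = line.split()
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: the opposite of the last line's action applies.
    return ("deny" if action == "allow" else "allow"), None
```

With this rule order, a 192.168.100.x client is refused by `deny !allowed_machines` unless its address is listed in /etc/squid/allowed_machines; the `!lan1_blr !lan2_blr` line only rejects clients that are in neither LAN.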

fandango512 03-30-2007 04:27 PM

A very strange question, but anyway.

Can you provide us with a topology of your network?


I can recommend only one solution, having so little and ineffective information from you: add an additional network card to your proxy server (connect this interface to network 192.168.100.0); for example, you would give your proxy server the following IP: 192.168.100.6. After that, you should add the following lines to your squid.conf file:

http_port 192.168.1.6:3128
http_port 192.168.100.6:3128

You should remember that in that case the proxy server will run on both interfaces (on port 3128) and will be available to both networks.

blackfish 03-31-2007 04:17 PM

fandango512 is of course correct.

If you have one network card in your server on address 192.168.1.6, the address range 192.168.100.0 will not be able to communicate with it, unless you bridge the two networks with your Cisco firewall, but you will need to know Cisco IOS commands.

What is your network infrastructure in general, and how is your server connected to the infrastructure? I might be able to be more helpful if you need it.

HTH

sakthi.s 04-02-2007 08:16 AM

* I have only one network card in my proxy server.
* We have bridged both networks through the Cisco firewall; I mean the 192.168.100.0 network can ping the 192.168.1.0 network. Specifically, from the 192.168.100.0 network I can ping my proxy server 192.168.1.6.
* Adding another interface to the proxy server would be the right solution at this moment, but once my network grows I can't keep adding NIC cards to connect various networks.
I need some alternative solution like a virtual interface, IP forwarding, etc.

blackfish 04-02-2007 08:55 AM

Let's give this a go.

Firstly, stop the squid service.

Then use the config below to test it out (ignore the dashes; these are to show the start and finish of the file!)
--------------------------------------------------------------
http_port 3128

visible_hostname server

acl all src 0.0.0.0/0.0.0.0
http_access allow all
-------------------------------------------------------------

Then from the command line run squid -z

Then restart squid.

This will help establish whether this is an IP communication related error or a squid configuration error.

Then on a machine in each different subnet, put the IP address and port number into your web browser, then restart the browser and see if it works.

Please tell us the results and any error messages so that we can help you.

HTH & Good Luck

BlackFish

sakthi.s 04-03-2007 09:38 AM

Should I modify the squid.conf file and comment out (#) my existing configuration?

How do I find any IP-related communication error? Which log file should I check?

sakthi.s 04-05-2007 09:02 AM

My problem is sorted out. The problem was in my firewall: port 8080 (the proxy port) was not enabled in the firewall IOS. After opening the port, it's working fine.

Thanks a lot guys.
