Just to share relevant portion of my squid (same version) running in OpenBSD:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 445 # windows update
acl CONNECT method CONNECT
# http_access deny all
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl local_net src 192.168.1.0/24
http_access allow local_net
http_access allow localhost
The deny safe port issue is not fixed, I'll have to
work on that and try to understand it.
These are ports on the internet that squid allows access to and thus it was defined within the series of acl Safe_ports port# declarations. Ports not defined here would not be accessed and thus you would see in your access.log TCP/DENIED.
Then finally below it, an http_access was defined to give access to these acl's as what you have done with your acl local_net. The http_access deny !Safe_ports is the same as http_access allow Safe_ports. We know that the negation character (!) tells its opposite.
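A simplified model of how Squid reads the http_access lines in the configuration posted above, added here as an example (it is not part of any post in this thread and is not Squid's own code): lines are checked top to bottom, ACLs on one line must all match, and the first matching line decides. It compares the posted `deny !Safe_ports` with an `allow Safe_ports` line in the same position; the manager rules are omitted, and the `VARIANT` list and sample requests are constructed.

```python
import ipaddress

# Ports from the posted "acl Safe_ports port ..." lines.
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777, 445}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Each ACL is a predicate over a request: {"src", "port", "method"}.
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] == 443,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "local_net": lambda r: ipaddress.ip_address(r["src"]) in LOCAL_NET,
    "localhost": lambda r: r["src"] == "127.0.0.1",
}

# http_access lines in the order posted (manager rules omitted).
POSTED = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["local_net"]),
    ("allow", ["localhost"]),
]
# Constructed for comparison: first line swapped for "allow Safe_ports".
VARIANT = [("allow", ["Safe_ports"])] + POSTED[1:]

def term_matches(term, request):
    """A leading '!' inverts the ACL result for this term only."""
    negated = term.startswith("!")
    return ACLS[term.lstrip("!")](request) != negated

def decide(rules, request):
    """First rule whose terms all match decides; later rules are not read."""
    for action, terms in rules:
        if all(term_matches(t, request) for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample requests.
SAMPLES = {
    "LAN client, GET port 80": {"src": "192.168.1.20", "port": 80, "method": "GET"},
    "LAN client, GET port 25": {"src": "192.168.1.20", "port": 25, "method": "GET"},
    "LAN client, CONNECT port 8443": {"src": "192.168.1.20", "port": 8443, "method": "CONNECT"},
    "outside client, GET port 80": {"src": "203.0.113.9", "port": 80, "method": "GET"},
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name}: posted={decide(POSTED, request)} variant={decide(VARIANT, request)}")
```

With the posted rules, a request to a safe port is not allowed by the first line; it falls through to the `local_net` and `localhost` checks, so the source address still decides.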
thanks "again" gani
I got the !Safe_ports working without errors.
I also have got dansguardian working on the server PC.
I have not been able to figure out how to get the other PC
to work so it will cache or filter the web. It's a Windows
wireless machine using a Linksys router. If you have any ideas
please advise on this. I played with the connection settings
in Windows thinking I needed to set the proxy to the server's
address and port but that didn't work at all. I tried using the
loopback address with port 3128 and it failed. So I really don't
know if it's going to be an iptables rule or squid acl that needs
to be tweaked.
But anyway, it's nice to know I can set up the Linux machine
for the kids to use again. I just wasn't happy with them having
free unrestricted access.
Then all your WAP clients would pass through your transparent proxy via the WAN port of your WAP through its 192.168.1.? IP address, and it is this IP that would be registered as browsing in your Dansguardian's logs.
[Local Network] [Linksys WAP Router] [WI-FI clients]
Hub/Switch ------> WAP WAN port [192.168.1.?]
| WAP LAN ports )))((( wi-fi clients
| [192.168.2.0/24] [192.168.2.?]
|------------> Wired clients
Sorry, I thought that you had a separate switch/hub for your wired PC and that the Linksys was only for wireless clients.
If your Linksys WAP router is at the same time serving as your LAN switch, connect its WAN port to the internal NIC of your Slackware router and provide it with an IP range/block different from its LAN ports, as I've shown here, and as usual you would need to activate its NAT. This would make your Linksys appear as your secondary gateway/router.