Hi,
I know that FreeBSD is not Linux, but I have asked on various forums and haven't had this answered thoroughly, so please bear with me.
I have a network that involves a gateway with FreeBSD on it and an internal Windows server running IIS (I know, I know, hate it too, but was part of the job) and some other services like Exchange. The server resides on the same subnetwork as the users' computers.
I have put Squid on the gateway as a web filter, but as soon as I start the squid service, the web server on the Windows box can no longer be reached from outside the network, and it no longer receives any mail from outside either.
[EDIT: thanks born4linux for typo in the last paragraph]
I have read many HOWTOs, but Squid can do so much that right now I'm getting very confused by the terminology... so, my question is: is it possible for Squid to run on a gateway purely as a web filter (if it also acts as a web cache, I don't mind — all the better for me) while still letting packets through to an internal server?
If so, my squid.conf is as follows:
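# Listener ports: 3128 for explicit proxy clients, 3130 for ICP peering.
http_port 3128
icp_port 3130
cache_swap_low 75
cache_swap_high 85
memory_pools off
# cache_mgr takes its value on the same line; the value was split onto a
# separate line in the original, which Squid rejects at startup.
cache_mgr admin@domain.com #changed for security reasons
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/cache 50 16 256
# NOTE(review): with the access log in /dev/null and cache.log disabled there
# is no record of which requests Squid received or why it refused them. While
# tracking down the reachability problem described above, point these at real
# files (at least temporarily) so the denied requests can be seen.
cache_access_log /dev/null
cache_log none
cache_store_log /dev/null
logfile_rotate 7
client_netmask 255.255.255.0
visible_hostname gateway.domain.com #changed for security reasons
# Accelerator / transparent mode. NOTE(review): these directives only do
# something if the gateway firewall redirects port-80 traffic into Squid, and
# that redirect rule is not shown here. If it also matches inbound traffic
# addressed to the internal IIS host, those requests are handled by Squid
# instead of being forwarded, and, arriving from outside my_network, they fall
# through to the final "deny all" below. Squid never handles SMTP, so lost
# inbound mail points at the firewall/NAT rules rather than at this file.
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# ---- ACL definitions ------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl my_network src 192.168.3.0/255.255.255.0 #changed for security reasons
# ARP ACLs match the client's MAC address and only work for hosts on a
# directly attached subnet. A MAC address is trivially changed on the client,
# so these identify a machine configuration, not a person; acceptable on a
# small trusted LAN, otherwise prefer proxy authentication.
# Names corrected so the definitions match the http_access lines below (the
# original defined "priviledge_user" but referenced "priviledged_user").
acl privileged_user arp 00:01:02:03:04:05 #changed for security reasons
acl unprivileged_user_with_mail arp 00:01:02:03:04:06 #changed for security reasons
acl SSLPORT port 443 563
acl SAFEPORT port 21 70 80 210 443 563 1025-65535
#ftp gopher http wais https snews unregistered
acl SAFEPORT port 280 #http-mgmt
acl SAFEPORT port 488 #gss-http
acl SAFEPORT port 591 #filemaker
acl SAFEPORT port 777 #multiling http
acl CONNECT method CONNECT
# Blocklist ACLs: each file holds one pattern per line (url_regex).
acl ADSDOM url_regex "/usr/local/etc/squid/block/blacklists/ads/domains"
acl ADSURL url_regex "/usr/local/etc/squid/block/blacklists/ads/urls"
acl AGGRESSIVEDOM url_regex "/usr/local/etc/squid/block/blacklists/aggressive/domains"
acl AGGRESSIVEURL url_regex "/usr/local/etc/squid/block/blacklists/aggressive/urls"
acl AVDOM url_regex "/usr/local/etc/squid/block/blacklists/audio-video/domains"
acl AVURL url_regex "/usr/local/etc/squid/block/blacklists/audio-video/urls"
acl DRUGDOM url_regex "/usr/local/etc/squid/block/blacklists/drugs/domains"
acl DRUGURL url_regex "/usr/local/etc/squid/block/blacklists/drugs/urls"
acl GAMBLINGDOM url_regex "/usr/local/etc/squid/block/blacklists/gambling/domains"
acl HACKDOM url_regex "/usr/local/etc/squid/block/blacklists/hacking/domains"
acl HACKURL url_regex "/usr/local/etc/squid/block/blacklists/hacking/urls"
acl MAILDOM url_regex "/usr/local/etc/squid/block/blacklists/mail/domains"
acl PORNDOM url_regex "/usr/local/etc/squid/block/blacklists/porn/domains"
acl PORNURL url_regex "/usr/local/etc/squid/block/blacklists/porn/urls"
acl PROXYDOM url_regex "/usr/local/etc/squid/block/blacklists/proxy/domains"
acl VIOLENCEDOM url_regex "/usr/local/etc/squid/block/blacklists/violence/domains"
acl WAREZDOM url_regex "/usr/local/etc/squid/block/blacklists/warez/domains"
acl WAREZURL url_regex "/usr/local/etc/squid/block/blacklists/warez/urls"
# ---- Access rules (first match wins) --------------------------------------
# Cache-manager interface only from the gateway itself.
http_access allow manager localhost
http_access deny manager
# Port hygiene: refuse anything outside SAFEPORT, and CONNECT to non-TLS ports.
http_access deny !SAFEPORT
http_access deny CONNECT !SSLPORT
# The privileged client skips every blocklist below (it is still subject to
# the port rules above); the mail client is only exempted from MAILDOM.
http_access allow privileged_user
http_access allow unprivileged_user_with_mail MAILDOM
# "deny all X" is the same as "deny X" since "all" always matches.
# The original had "http_access deny all SPAMMER" here, but no SPAMMER acl is
# defined anywhere in this file, and Squid refuses to start on an unknown ACL
# name. Define it (acl SPAMMER ...) before re-enabling this line.
#http_access deny all SPAMMER
http_access deny all ADSDOM
http_access deny all ADSURL
http_access deny all AGGRESSIVEDOM
http_access deny all AGGRESSIVEURL
http_access deny all AVDOM
http_access deny all AVURL
http_access deny all DRUGDOM
http_access deny all DRUGURL
http_access deny all GAMBLINGDOM
http_access deny all HACKDOM
http_access deny all HACKURL
http_access deny all MAILDOM
http_access deny all PORNDOM
http_access deny all PORNURL
http_access deny all PROXYDOM
http_access deny all VIOLENCEDOM
http_access deny all WAREZDOM
http_access deny all WAREZURL
# The original had "http_access allow demiurgo" here; no "demiurgo" acl is
# defined in this file, which is also a startup error. Define it before
# re-enabling.
#http_access allow demiurgo
http_access allow localhost
http_access allow my_network
# Everything else, including any request arriving from outside my_network
# (for example inbound traffic redirected into Squid), is refused here.
http_access deny all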