Old 03-30-2007, 01:30 AM   #1
sakthi.s
Member
 
Registered: Nov 2006
Posts: 42

Rep: Reputation: 15
How to enable squid proxy to accept webtraffic from two networks


Dear All

I have two network segments, one is 192.168.1.0 and the other is 192.168.100.0.
My Airtel broadband connection comes under the 192.168.1.0 network, and the net connection is
shared to users by a squid proxy. I have Red Hat 9, where I have configured a transparent squid proxy.
My proxy server IP is 192.168.1.6; both networks are connected to my Cisco firewall.

I enabled the access list to ping my proxy server from the 192.168.100.0 network, but my client
PCs are not able to access the internet from the 192.168.100.0 network.

Web traffic is also enabled in the firewall to pass through from 192.168.100.0, but I am still not able to
browse.

Is it required that my proxy server be connected to 192.168.100.0 to receive web traffic?
I have enclosed my squid.conf for your reference.


#acl all src 0.0.0.0/0.0.0.0
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl msn_hosts src "/etc/squid/msn_hosts"
acl allowed_machines src "/etc/squid/allowed_machines"
acl support_staff src "/etc/squid/support_staff"
acl callcenter src "/etc/squid/callcenter"

acl rejected_urls url_regex "/etc/squid/rejected_urls"
acl allowed_urls dstdomain "/etc/squid/allowed_urls"
acl msn dstdomain "/etc/squid/msn"

http_access allow msn_hosts msn
http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
#http_access allow msn_hosts msn
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access allow all

Can anyone help me to solve this.....
 
Old 03-30-2007, 04:27 PM   #2
fandango512
LQ Newbie
 
Registered: Nov 2006
Distribution: Debian etch, Fedora Core 6
Posts: 6

Rep: Reputation: 0
A very strange question, but anyway.

Can you provide us with a topology of your network?


I can recommend only one solution, having so little and ineffective information from you: add an additional network card to your proxy server (connect this interface to network 192.168.100.0). For example, you would give your proxy server the following IP: 192.168.100.6. After that you should add the following lines to your squid.conf file:

http_port 192.168.1.6:3128
http_port 192.168.100.6:3128

You should remember that in that case the proxy server will run on both interfaces (on port 3128) and will be available for both networks.
 
Old 03-31-2007, 04:17 PM   #3
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Rep: Reputation: 15
fandango512 is of course correct.

If you have one network card in your server on address 192.168.1.6, the address range 192.168.100.0 will not be able to communicate with it, unless you bridge the two networks with your Cisco firewall, but you will need to know Cisco IOS commands.

What is your network infrastructure in general? And how is your server connected to the infrastructure? I might be able to be more helpful if you need it.

HTH
 
Old 04-02-2007, 08:16 AM   #4
sakthi.s
Member
 
Registered: Nov 2006
Posts: 42

Original Poster
Rep: Reputation: 15
* I have only one network card in my proxy server.
* We have bridged both networks through the Cisco firewall; I mean the 192.168.100.0 network can ping the 192.168.1.0 network. Specifically, from the 192.168.100.0 network I can ping my proxy server 192.168.1.6.
* Adding another interface to the proxy server would be the right solution at this moment, but once my network grows I can't keep adding NIC cards to connect various networks.
I need some alternative solution like a virtual interface, IP forwarding, etc.
 
Old 04-02-2007, 08:55 AM   #5
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Rep: Reputation: 15
Let's give this a go.

First, stop the squid service.

Then use the config below to test it out (ignore the dashes; these are to show the start and finish of the file!)
--------------------------------------------------------------
http_port 3128

visible_hostname server

acl all src 0.0.0.0/0.0.0.0
http_access allow all
-------------------------------------------------------------

Then from the command line run squid -z

Then restart squid.

This will help establish whether this is an IP communication related error or a squid configuration error.

Then on a machine in each different subnet, put the IP address and port number into your web browser, then restart the browser and see if it works.

Please tell us the results and any error messages so that we can help you.

HTH & Good Luck

BlackFish
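
How Squid evaluates the http_access lines posted in this thread, as an added example (not code from any poster): a small Python evaluator that handles only `src` ACLs, with constructed sample addresses standing in for the /etc/squid/... files. It shows that the original rule order admits a listed 192.168.100.x client, and that the wide-open test config admits any source address, which the hypothetical SCOPED_TEST variant does not.

```python
import ipaddress

# Constructed stand-ins (assumptions): the thread's rule order, with the
# file-backed ACLs replaced by inline sample addresses.
POSTED = """
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl allowed_machines src 192.168.1.20 192.168.100.25 10.0.0.5
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
http_access allow all
"""
# The wide-open test config from the post above, and a scoped variant of it.
OPEN_TEST = "acl all src 0.0.0.0/0.0.0.0\nhttp_access allow all\n"
SCOPED_TEST = """
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
http_access allow lan1_blr
http_access allow lan2_blr
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src ...' networks and ordered http_access rules."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # predefined in current Squid
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) > 3 and words[0] == "acl" and words[2] == "src":
            acls.setdefault(words[1], []).extend(map(ipaddress.ip_network, words[3:]))
        elif len(words) > 2 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def decide(conf, client):
    """Return (action, matching rule): first match wins, ACLs on a line are ANDed."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(term):  # a leading '!' negates the ACL
        matched = any(ip in net for net in acls[term.lstrip("!")])
        return matched != term.startswith("!")

    for action, terms in rules:
        if all(hit(t) for t in terms):
            return action, " ".join(terms)
    # Nothing matched: Squid applies the opposite of the last rule's action.
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "(default)"
```

With these sample values, `decide(POSTED, "192.168.100.25")` returns an allow, so a second-subnet client that still cannot browse points at the network path to the proxy port rather than at these ACLs.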
 
Old 04-03-2007, 09:38 AM   #6
sakthi.s
Member
 
Registered: Nov 2006
Posts: 42

Original Poster
Rep: Reputation: 15
Should I modify the squid.conf file and comment out my existing configuration with #?

How do I find any IP related communication error? Which log file should I check?
 
Old 04-05-2007, 09:02 AM   #7
sakthi.s
Member
 
Registered: Nov 2006
Posts: 42

Original Poster
Rep: Reputation: 15
My problem is sorted out. The problem was in my firewall: port 8080 (the proxy port) was not enabled in the firewall IOS. I opened the port and it's working fine.

Thanks a lot guys.
 
  

