March 28, 2024, 09:48:24 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: SQUID running WCCP cant allow mail server access  (Read 6348 times)

Offline Mba

  • Linux Noob !
  • *
  • Posts: 5
SQUID running WCCP cant allow mail server access
« on: March 19, 2004, 12:44:00 PM »
I have implimented a squid HTTP cache server on a RedHat 9.0 machine for my ISP running WCCP , so my edge router redirects all incoming packets to  the server. We have a mail server on the network with a public IP address and our e-mail clients sitting on other networks cannot access the mail server. This has limited SMTP and POP3 access to only clients sitting on our network.

Please, l will greatly appreciate your assistance in solving this problem. Can it be that I need to issue some comands to modify my iptables?
 
Pleaase help

Mba Ijere  :wink:

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
SQUID running WCCP cant allow mail server access
« Reply #1 on: March 19, 2004, 01:47:41 PM »
You can use smtp and pop port forwarding on your router if it is a computer.. otherwise..
Please give little more description..

Offline Mba

  • Linux Noob !
  • *
  • Posts: 5
SQUID running WCCP does not also allow external http access
« Reply #2 on: March 20, 2004, 09:58:39 AM »
I read your reply to my first mail and I think I have to give a more detailed explanation of the problem. I implimented a SQUID HTTP proxy server for my ISP using WEBMIN and enabled WCCP on it and the edge router so that all packets into our network will be reditected to the SQUID server for caching.  I also configured the server to do transperent proxing and implimented the redirecting rule;
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
 
to direct all http packets on port 80 to port 3128 that squid uses.

The server was up and running. But I soon started getting complains from our e-mail clients on different networks outside our network ( 80.x.x.x) that they couldnt access their mails on http://mail.a*****.com. Infact when they try to open the page it returns a , " Page cannot be displayed" message.  But they can access their mails through Outlook Express. I must point out to you that this mail server sits on our network ( 80.x.x.x). I would very much appreciate your assistance. Thanks

                Mba

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
SQUID running WCCP cant allow mail server access
« Reply #3 on: March 20, 2004, 11:22:29 AM »
well.. it is little unclear.. but can you tell me that are people outside ur network are able to access http://www.a*****.com ?
BTW.. have you tried that people outside your network are able to access others resource not just the mail domain ?

Offline Mba

  • Linux Noob !
  • *
  • Posts: 5
Reply
« Reply #4 on: March 20, 2004, 11:44:06 AM »
Hi,
Thanks for your quick response. The only internal resource on our network that people need to access from outside is the mail server with the http link i gave you ( not the real link though). And they come in when the SQUID server is turned off. So I feel there an iptables command that I have to issue on the SQUID server to allow them to the mail server. Please I stand corrected if I am wrong.

       Mba

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
SQUID running WCCP cant allow mail server access
« Reply #5 on: March 20, 2004, 06:21:56 PM »
Ahh..
I got it .. Actually you are trying to give access to your mail.xxxxxx.com which is behind proxy so wht you need is to allow users from src 0/0 to access mail.xxxxx.com in your network and thus your problem should be solved.
Try this..
Code: [Select]
acl maildomain mail.xxxxx.com
acl allow maildomain all
here all is your 0.0.0.0/0.0.0.0 ie whole internet as it should be already defined in your acl . I am little unsure here that is do squid read  2nd line as maildomain OR all  ..  maildomain AND all
BTW.. implement it and check it that people outside the network are not able to access any other resource then the domain ..