How to use two networks in Squid proxy with one internet connection

nmmurali:
Dear Friends,

I configured a Squid proxy server on CentOS 5.4 and it's working fine. Now I want to configure one more network on the same proxy server.

Running network: 192.168.2.0 (with limited access only)
I want to configure: 192.168.1.0 (with full access)

Is it possible or not? Please help me.

Thanks in advance to all members.

kaushalpatel1982:
It is very much possible. You didn't say what kind of limited access you want to configure. Still, you just need to configure ACLs in squid.conf as follows:

acl blocksite url_regex -i test
acl limitedaccess src 192.168.2.0/255.255.255.0
acl fullaccess src 192.168.1.0/255.255.255.0

http_access allow !blocksite limitedaccess
http_access allow fullaccess
http_access deny all

The above configuration will not allow the 192.168.2.0 network to access sites with the keyword test, while they will be allowed from the 192.168.1.0 network.

nmmurali:
Dear kaushalpatel

My squid.conf was like this

 
#  TAG: acl
#       Defining an Access List
#
#       acl aclname acltype string1 ...
#       acl aclname acltype "file" ...
acl blockfiles urlpath_regex "/etc/squid/block.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
#   Particular sites blocking for clients its a own rule *************Murali*****************
acl blocksites dstdomain .yahoo.com
acl blocksites dstdomain .rediff.com
acl blocksites dstdomain .hotmail.com
http_access deny blocksites

acl blockregexurl url_regex -i music
acl blockregexurl url_regex -i live
acl blockregexurl url_regex -i news
acl blockregexurl url_regex -i sexsites
acl blockregexurl url_regex -i mallu
http_access deny blockregexurl

#http_access allow our_networks
acl nomus_network src 192.168.2.0/255.255.255.0
acl business_hours time  M T W H F A 9:35-19:20
http_access allow nomus_network business_hours

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

My Squid proxy server IP is 192.168.2.2, and the new network, 192.168.1.0, wants full access.

Please help me.

Thanks in advance, kaushal.

kaushalpatel1982:
I guess you already have an IP address of the other network on this machine, or the machine is accessible in some way by the second network you mentioned.

Take a backup of your current configuration file first.

Please check the lines in bold, make the necessary changes, and restart the squid service.
 
#######################################################
acl blockfiles urlpath_regex "/etc/squid/block.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
#remove/comment the line below
#http_access deny blockfiles

#   Particular sites blocking for clients its a own rule *************Murali*****************
acl blocksites dstdomain .yahoo.com
acl blocksites dstdomain .rediff.com
acl blocksites dstdomain .hotmail.com
#remove/comment the line below
#http_access deny blocksites

acl blockregexurl url_regex -i music
acl blockregexurl url_regex -i live
acl blockregexurl url_regex -i news
acl blockregexurl url_regex -i sexsites
acl blockregexurl url_regex -i mallu
#remove/comment the line below
#http_access deny blockregexurl


#http_access allow our_networks
acl nomus_network src 192.168.2.0/255.255.255.0
acl nomus_network_2 src 192.168.1.0/255.255.255.0
acl business_hours time  M T W H F A 9:35-19:20
http_access allow !blockfiles !blockregexurl !blocksites nomus_network business_hours
http_access allow nomus_network_2

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
#######################################################

nmmurali:
Dear kaushalpatel

I am sorry to say that after this configuration it shows a message like this:

Stopping squid:                                            [FAILED]
Starting squid:                                            [FAILED]


If you don't mind, I will show you my complete configuration.
Please check; the lines in bold are my configuration.

#  TAG: acl
#       Defining an Access List
acl nomus_network src 192.168.2.0/255.255.255.0
acl nomus_network src 192.168.1.0/255.255.255.0
acl business_hours time S M T W H F A 9:35-19:20

#       acl aclname acltype string1 ...
#       acl aclname acltype "file" ...
acl blockfiles urlpath_regex "/etc/squid/block.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
                                                 #Particular sites blocking for clients
acl blocksites dstdomain .yahoo.com   
acl blocksites dstdomain .rediff.com
acl blocksites dstdomain .gmail.com
acl blocksites dstdomain .hotmail.com
acl blocksites dstdomain .youtube.com
acl blocksites dstdomain .orkut.com
acl blocksites dstdomain .eenadu.net
acl blocksites dstdomain .mail.com
acl blocksites dstdomain .monsterindia.com
acl blocksites dstdomain .timesjobs.com
acl blocksites dstdomain .shine.com
acl blocksites dstdomain .olx.in
acl blocksites dstdomain .accenture.com
acl blocksites dstdomain .meebo.com
acl blocksites dstdomain .naukuri.com
                                                          # Words blocking in any sites
acl blockregexurl url_regex -i shaadi
acl blockregexurl url_regex -i music
acl blockregexurl url_regex -i live
acl blockregexurl url_regex -i sex
acl blockregexurl url_regex -i bollywood
acl blockregexurl url_regex -i masala
acl blockregexurl url_regex -i blogspot
acl blockregexurl url_regex -i mallu
acl blockregexurl url_regex -i news
acl blockregexurl url_regex -i songs
acl blockregexurl url_regex -i yahoo
acl blockregexurl url_regex -i gmail
acl blockregexurl url_regex -i rediff
acl blockregexurl url_regex -i hotmail
acl blockregexurl url_regex -i mails

#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 110
acl Safe_ports port 25
acl CONNECT method CONNECT

#  TAG: http_access
#       Allowing or Denying access based on defined access lists
#
#       Access to the HTTP port:
#       http_access allow|deny [!]aclname ...
#
#       NOTE on default values:
#
#       If there are no "access" lines present, the default is to deny
#       the request.
#
#       If none of the "access" lines cause a match, the default is the
#       opposite of the last line in the list.  If the last line was
#       deny, the default is allow.  Conversely, if the last line
#       is allow, the default will be deny.  For these reasons, it is a
#       good idea to have an "deny all" or "allow all" entry at the end
#       of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


http_access allow !blockfiles !blocksites !blockregexurl
http_access allow nomus_network business_hours
http_access allow nomus_network_2

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

#  TAG: http_access2
#       Allowing or Denying access based on defined access lists
#
#       Identical to http_access, but runs after redirectors. If not set
#       then only http_access is used.
#
#Default:
# none




# Squid normally listens to port 3128
http_port 3128
http_port 192.168.2.2:999

Network cards:
eth0: 192.168.1.221 / 255.255.255.0, Gateway: 192.168.1.220 (wan)
eth1: 192.168.2.2 / 255.255.255.0, Gateway: 192.168.1.221 (lan)

Working configuration:
IP: 192.168.2.3 to 192.168.2.150
Subnet: 255.255.255.0
Gateway: 192.168.2.2 (Proxy Server IP)

Requirement network (with full access):
IP: 192.168.1.5 to 192.168.1.50
Subnet: 255.255.255.0
Gateway: 192.168.2.2

So please help me, kaushal.
Thanks a lot

Regards
Murali
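
Added example, not part of the original thread: a small Python check for two properties the http_access rules discussed here depend on. Every ACL name used in an http_access line must be defined by an acl line, and every allow rule should include a non-negated src ACL, because Squid ANDs the ACLs on one line and stops at the first matching line, so an allow made only of negated block lists matches clients from any address. SAMPLE is a constructed, shortened excerpt of the configuration in the last post; parse and lint are hypothetical helper names.

```python
# Constructed, shortened excerpt of the configuration in the last post.
SAMPLE = """\
acl nomus_network src 192.168.2.0/255.255.255.0
acl nomus_network src 192.168.1.0/255.255.255.0
acl business_hours time S M T W H F A 9:35-19:20
acl blockfiles urlpath_regex "/etc/squid/block.files.acl"
acl blocksites dstdomain .yahoo.com
acl blockregexurl url_regex -i music
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow !blockfiles !blocksites !blockregexurl
http_access allow nomus_network business_hours
http_access allow nomus_network_2
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Return ({acl name: acl type}, [(line no, action, [terms])])."""
    acls, rules = {}, []
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], tok[2])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((no, tok[1], tok[2:]))
    return acls, rules

def lint(conf):
    """Flag undefined ACL names and allow rules not tied to a client network."""
    acls, rules = parse(conf)
    findings = []
    for no, action, terms in rules:
        missing = [t.lstrip("!") for t in terms if t.lstrip("!") not in acls]
        if missing:
            findings += [(no, "undefined-acl", name) for name in missing]
            continue
        # Only a non-negated src ACL other than "all" narrows the client set.
        pinned = any(acls.get(t) == "src" and t != "all" for t in terms)
        if action == "allow" and not pinned:
            findings.append((no, "allow-without-src", " ".join(terms)))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On SAMPLE this reports line 9 as an allow with no source restriction and line 11 as a reference to an ACL name that no acl line defines.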
