Re: [squid-users] routing OR different IP address from Henrik Nordstrom on 2001-05-08 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 08 May 2001 20:16:11 +0200

http://squid.sourceforge.net/cgi-bin/diff/rvenning_tosaddracl

Author: Roger Venning
No public web site, or project description yet apart from the
documentation added to squid.conf.

--
Henrik Nordstrom
Squid Hacker
Edward wrote:
> 
> Hi Henrik!
> 
> Can you please provide me with the link for rvenning_tosaddracl?
> 
> Thank you very much.
> 
> Best regards,
> 
> Edward Millington
> (Network Administrator & Senior Technical Support Technician)
> Cariaccess Communications Ltd.
> Bridgetown
> Barbados
> 1-246-430-7435
> Fax : 1-246-431-0170
> edward@cariaccess.com
> www.cariaccess.com
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Edward" <edward@cariaccess.com>
> Cc: "squid" <squid-users@squid-cache.org>
> Sent: Sunday, May 06, 2001 3:51 PM
> Subject: Re: [squid-users] routing OR different IP address
> 
> > Edward wrote:
> >
> > > I have the a policy route to the cache on one ip address.
> > >
> > > eg
> > > access-list 110 deny   tcp any any neq www
> > > access-list 110 deny   tcp host 200.50.68.7 any
> > [...]
> > > The other IP is 64.110.11.2.
> > >
> > > As you can see here, the ciso is only sending to the 200.50.68.7.
> > >
> > > What I believe here, after sending you that email, 64.110.11.2 is not
> > > getting pass the router faste0/0 interface.
> >
> > Correct. Your Cisco does not know that 64.110.11.2 should not be
> > redirected to 200.50.68.7.
> >
> > I seem to remember that your clients is actually on different subnets
> > than your servers. In such case it is probably better to reverse the
> > router ACL to tell what should be redirected rather than what should
> > not. I.e. only redirect your client networks to the proxy.
> >
> > > If that is the case then I will have to add
> > >
> > >         access-list 110 deny   tcp host 64.110.11.2 any
> > >
> > > to the access-list.
> > >
> > > What do you think Henrik?
> >
> > Not a Cisco expert, but it looks like a step in the correct direction.
> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
> >

Received on Tue May 08 2001 - 14:56:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:53 MST