Re: [squid-users] routing OR different IP address from Henrik Nordstrom on 2001-05-10 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 10 May 2001 18:37:02 +0200

See http://squid.sourceforge.net/tosaddracl/.

(tosaddracl has now got a web site, and is slowly getting polished up
for general use)

--
Henrik Nordstrom
Squid Hacker
Edward wrote:
> 
> When last was it updated?
> 
> > http://squid.sourceforge.net/cgi-bin/diff/rvenning_tosaddracl
> >
> > Author: Roger Venning
> > No public web site, or project description yet apart from the
> > documentation added to squid.conf.
> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
> >
> >
> > Edward wrote:
> > >
> > > Hi Henrik!
> > >
> > > Can you please provide me with the link for rvenning_tosaddracl?
> > >
> > > Thank you very much.
> > >
> > > Best regards,
> > >
> > > Edward Millington
> > > (Network Administrator & Senior Technical Support Technician)
> > > Cariaccess Communications Ltd.
> > > Bridgetown
> > > Barbados
> > > 1-246-430-7435
> > > Fax : 1-246-431-0170
> > > edward@cariaccess.com
> > > www.cariaccess.com
> > > ----- Original Message -----
> > > From: "Henrik Nordstrom" <hno@hem.passagen.se>
> > > To: "Edward" <edward@cariaccess.com>
> > > Cc: "squid" <squid-users@squid-cache.org>
> > > Sent: Sunday, May 06, 2001 3:51 PM
> > > Subject: Re: [squid-users] routing OR different IP address
> > >
> > > > Edward wrote:
> > > >
> > > > > I have the a policy route to the cache on one ip address.
> > > > >
> > > > > eg
> > > > > access-list 110 deny   tcp any any neq www
> > > > > access-list 110 deny   tcp host 200.50.68.7 any
> > > > [...]
> > > > > The other IP is 64.110.11.2.
> > > > >
> > > > > As you can see here, the ciso is only sending to the 200.50.68.7.
> > > > >
> > > > > What I believe here, after sending you that email, 64.110.11.2 is
> not
> > > > > getting pass the router faste0/0 interface.
> > > >
> > > > Correct. Your Cisco does not know that 64.110.11.2 should not be
> > > > redirected to 200.50.68.7.
> > > >
> > > > I seem to remember that your clients is actually on different subnets
> > > > than your servers. In such case it is probably better to reverse the
> > > > router ACL to tell what should be redirected rather than what should
> > > > not. I.e. only redirect your client networks to the proxy.
> > > >
> > > > > If that is the case then I will have to add
> > > > >
> > > > >         access-list 110 deny   tcp host 64.110.11.2 any
> > > > >
> > > > > to the access-list.
> > > > >
> > > > > What do you think Henrik?
> > > >
> > > > Not a Cisco expert, but it looks like a step in the correct direction.
> > > >
> > > > --
> > > > Henrik Nordstrom
> > > > Squid Hacker
> > > >
> >
> >

Received on Thu May 10 2001 - 10:38:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:55 MST