Re: [squid-users] Transparent Proxy for second subnet behind firewall?

From: Malcolm Turnbull <malcolm.turnbull@dont-contact.us>
Date: Fri, 09 Aug 2002 08:56:30 +0100

After some playing my setup suddenly started working !

I haven't figured out what I did yet, but I'll start from scratch and
diagnose at some point.

I'm so glad that I can now ditch SurfControl...

Thanks for a great product.

Mark Eanes wrote:
| Please check your bits for both subnets and ensure they match what is
in the acl, httpd_access, and within the network itself.
|
| It sounds as if there is a mismatch in there somewhere.
|
| Mark
|
|
|
|
|>>>Malcolm Turnbull <malcolm.turnbull@waterers.co.uk> 07/31/02 06:49PM >>>
|>>
| I think so.. I have
|
| acl crocus_lan src 10.0.0.0/255.255.0.0
| acl waterers_lan src 10.1.0.0/255.255.255.0
|
|
| http_access allow crocus_lan
| http_access allow waterers_lan
|
| Regards,
| Malcolm.
|
| Mark Eanes wrote:
|
|>What does your http_access have set up?
|>
|>Do you have both networks identified for access?
|>
|>Mark
|>
|>
|>
|>>>>Malcolm Turnbull <malcolm.turnbull@crocus.co.uk> 07/30/02 07:52AM >>>
|>>>
|>Yes, The firewall is the SQUID box and I'm using a REDIRECT rule...
|>
|>But even if I remove the REDIRECT and change a web browser on the second
|>subnet to use port 8080 for proxy I get the same error back from SQUID
|>so I assume it's got nothing to do with the transparent bit...
|>Just my configuration...
|>
|>Whereas the local subnet is fine for normal proxy and transparent
|>
|>
|>
|>Ling Hwa Hing wrote:
|>| is your firewall intercept TCP traffic from net 10.1.0.0/16 to your
|>squid box?
|>|
|>|
|>|
|>| Quoting Malcolm Turnbull <malcolm.turnbull@crocus.co.uk>:
|>|
|>|
|>|>Um, I'm not sure I described it well enough..
|>|>But the local network that the firewall is on has 60 hosts on
|>|>10.0.0.0/255.255.0.0
|>|>It also has a router to the second network 10.1.0.0/255.255.255.0
|>|>with another 100 hosts.
|>|>
|>|>Both networks have interet access through the same firewall.
|>|>
|>|>
|>|>Arno_STREULI@ca-indosuez.ch wrote:
|>|>|
|>|>| Look your subnet mask
|>|>| on the proxxy you setup 10.0.0.0 255.255.0.0 (B Class) and on the
|>|>other side you
|>|>| setup 10.1.0.0 255.255.255.0 (C Class) for your proxy the 10.1.0.0
|>|>il
|>|>a local
|>|>| network not a remote one.
|>|>| You should change the netmask on the proxy to 10.0.0.0
|>|>255.255.255.0
|>|>|
|>|>| Regards,
|>|>|
|>|>| Arno
|>|>|
|>|>|
|>|>|
|>|>|
|>|>| ******************************************************************
|>|>| DISCLAIMER - E-MAIL
|>|>| -------------------
|>|>| The information contained in this E-Mail is intended for the named
|>|>| recipient(s). It may contain certain privileged and confidential
|>|>| information, or information which is otherwise protected from
|>|>| disclosure. If you are not the intended recipient, you must not
|>|>| copy,distribute or take any action in reliance on this information
|>|>| ******************************************************************
|>|>
|>|>
|>|>--
|>|>
|>|>Regards,
|>|>
|>|>Malcolm Turnbull
|>|>
|>|>IT Manager
|>|>Crocus.co.uk Ltd
|>|>
|>|>01344 629661
|>|>07715 770523
|>|>
|>|>http://www.crocus.co.uk/
|>|>
|>|>
|>|>
|>|
|>
|>
|
|
|
|

-- 
Regards,
Malcolm Turnbull
IT Manager
Crocus.co.uk Ltd
01344 629661
07715 770523
http://www.crocus.co.uk/
Received on Fri Aug 09 2002 - 02:00:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:34 MST