[squid-users] Re: stupid problem with squid and and local adresses.

From: Ton Muller <spatieman_at_online.nl>
Date: Sat, 23 Jun 2012 11:55:05 +0200

On 23-6-2012 3:47, Linda W wrote:
> Ton Muller wrote:
>> access webmail is not possible when i use name lookup, i must use IP
>> adres for it.
>>
>> so, my question..
>> where did i make a mistake , i used basic squid config, and added only
>> some ports for access.
> ----
>
> lots of possibilities --
> 1), I usually have clients setup to go direct to anything on my local net.
> If they can't resolve the other hostnames properly (internal DNS/hosts/NIS/
> whatever). That could cause problems. How do your internal clients
> resolve internal addresses -- do you have a DNS server setup for local
> clients?
>
Yes, i have named on my openBSD box running, and yes, it works as it
should be....

>
>
> 2) I also usually have squid setup NOT to serve internal addresses -- so if
> a client tries to go through squid to get to an internal address, it
> will usually
> get an 'access denied' -- since going through squid to get to a local
> address is
> just 'wrong'...
hm,mkey..
and how i adapt it to my condig, if i may ask..

>
> It also helps prevent someone getting access to squid from the outside
> -- (hypothetical)
> then they would get an access denied for any ports on the inside of my net.
>
> Those are things that would go wrong on my network. Now what can go
> wrong on your
> network depends on config's of clients, squid, how your network is
> setup...etc...
>
> Give you any ideas?
>
>
ideas enough.
as say, am using openBSD for nat, and serving local stats with mrtg and
smokeping (NO ACCESS TO EVIL WAN xD)

am not having squid configed as accelerator (it even wont let me, if i
add the tags, a check on config gives errors)

DNS is setup to serve local names only, and fetching DNS when needed extern.
Received on Sat Jun 23 2012 - 09:55:04 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 27 2012 - 12:00:04 MDT