[olug] Squid access with RAS server (revised)
Phil Brutsche
phil at brutsche.us
Thu Aug 7 23:49:39 UTC 2003
A long time ago, in a galaxy far, far way, someone said...
> On Thu, 2003-08-07 at 10:24, Ryan O'Rourke wrote:
> > I'm using Squid as a proxy server to restrict web access for our LAN.
> > Everything is working fine except for remote users who dial-in through
> > our MS RAS server.
> > The problem stems from the fact that our LAN is a 10.x.x.x subnet which
> > is, by default, a Class A subnet (255.0.0.0). All hosts on our LAN are
> > set to Class C (255.255.255.0), that is except when they dial in. That's
> > because an MS RAS server will grab addresses from DHCP and use the /default/
> > subnet for the addresses instead of the subnet the DHCP server says it
> > should use. Therefore, all dialup users are assigned a 10.1.10.x/8
> > address and Squid is not allowing them web access.
> >
> > I thought I had squid.conf setup correctly to allow 10.0.0.0/8 access,
> > but it's still not working. Any ideas?
First thing would be to make sure the dial-up users are able to ping the
squid box.
> > ### squid.conf snippet ###
> > acl localnetwork 10.0.0.0/8
I think you want
acl localnetwork src 10.0.0.0/8
> > http_access allow localnetwork
> > http_access allow all
--
Phil Brutsche
phil at brutsche.us
More information about the OLUG
mailing list