[olug] Squid access with RAS server (revised)

Ryan O'Rourke ryano at ch-gifts.com
Fri Aug 8 13:16:05 UTC 2003


On Thu, 2003-08-07 at 18:49, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
> 
> > On Thu, 2003-08-07 at 10:24, Ryan O'Rourke wrote:
> > > I'm using Squid as a proxy server to restrict web access for our LAN.
> > > Everything is working fine except for remote users who dial-in through
> > > our MS RAS server.
> > > The problem stems from the fact that our LAN is a 10.x.x.x subnet which
> > > is, by default, a Class A subnet (255.0.0.0). All hosts on our LAN are
> > > set to Class C (255.255.255.0), that is except when they dial in. That's
> > > because an MS RAS server will grab addresses from DHCP and use the /default/
> > > subnet for the addresses instead of the subnet the DHCP server says it
> > > should use. Therefore, all dialup users are assigned a 10.1.10.x/8
> > > address and Squid is not allowing them web access.
> > >
> > > I thought I had squid.conf set up correctly to allow 10.0.0.0/8 access,
> > > but it's still not working. Any ideas?
> 
> First thing would be to make sure the dial-up users are able to ping the
> squid box.
> 
> > > ### squid.conf snippet ###
> > > acl localnetwork 10.0.0.0/8
> 
> I think you want
> 
> acl localnetwork src 10.0.0.0/8
> 
> > > http_access allow localnetwork
> > > http_access allow all
> 

Thanks, Phil! I had simply overlooked the syntax of the ACL... :-)

-- Ryan
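
A small checker for the squid.conf snippet quoted above, added here as an example (not code from the thread): it flags an `acl` line that lacks a type keyword such as `src`, flags a catch-all `http_access allow all`, and confirms that a dial-up address falls inside 10.0.0.0/8. The function names, the sample client addresses, the `http_access deny all` line in the corrected config, and the ACL type subset are assumptions.

```python
import ipaddress

# Subset of Squid ACL type keywords (assumption: extend for your own config).
ACL_TYPES = {"src", "dst", "srcdomain", "dstdomain", "url_regex",
             "urlpath_regex", "port", "proto", "method", "time", "proxy_auth"}

def lint_squid_conf(text):
    """Return (findings, acls); acls maps each src ACL name to its networks."""
    findings, acls = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "acl":
            # Expected shape: acl NAME TYPE VALUE...
            if len(fields) < 4 or fields[2] not in ACL_TYPES:
                findings.append((lineno, "acl needs NAME TYPE VALUE; type missing or unknown"))
            elif fields[2] == "src":
                try:
                    nets = [ipaddress.ip_network(v, strict=False) for v in fields[3:]]
                    acls.setdefault(fields[1], []).extend(nets)
                except ValueError:
                    findings.append((lineno, "src value is not a valid network"))
        elif fields[0] == "http_access" and fields[1:] == ["allow", "all"]:
            # http_access rules are first-match; this admits any client.
            findings.append((lineno, "'http_access allow all' admits every client"))
    return findings, acls

def client_allowed(acls, name, ip):
    """True if ip matches one of the networks in the named src ACL."""
    return any(ipaddress.ip_address(ip) in net for net in acls.get(name, []))

# The snippet as first posted in the thread.
BROKEN = """acl localnetwork 10.0.0.0/8
http_access allow localnetwork
http_access allow all
"""
# Corrected acl line from the reply; the final deny is an added assumption.
FIXED = """acl localnetwork src 10.0.0.0/8
http_access allow localnetwork
http_access deny all
"""

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        findings, acls = lint_squid_conf(conf)
        print(label, findings, client_allowed(acls, "localnetwork", "10.1.10.25"))
```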


