William W. Austin wrote:
A couple of weeks ago I had to replace an ancient firewall machine (h/w
failure). That machine had been running FC3 without problems for well
over a year, and it was my proxy server running squid.
I thought that I would upgrade the O/S, and I installed F7. (Mistake?)
Everything else works fine, but I now have spent several days trying to
get squid working properly. My config file
<snip>

Hi William,

It took me a little while to figure out Squid's permissions system when
I set it up recently on an F7 server. I have Webmin installed on that
machine, which gives you a nice, easy-to-use interface to Squid, so I
was able to sort it out by looking at the existing settings.

Squid appears to use "iptables-like" permissions to work out who can
connect, from where, and what they can get to. It makes Squid pretty
powerful in what it can do, but also more complex to configure.

I have just had a look in /etc/squid/squid.conf and see that I have
added to the standard configuration under the ACL heading (very long
file, this is about 61% of the way down):

    acl LAN src 192.168.8.1/255.255.255.0

This was sufficient to allow all clients on my subnet (192.168.8.*) to
connect to Squid. You will have to adjust the IP (and possibly the
netmask) to suit your LAN.

I also had to add an "allow" statement for the "LAN" ACL node a little
further down, with a group of similar statements:

    http_access allow LAN

Note: this MUST come before the "http_access deny all" line. This is one
of the similarities with iptables ...

I believe that was all I had to do to make Squid work (apart from a
restart). I believe that the machine in question has SELinux running.

Hope that this is useful to you.

Regards,
Langdon
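
Added example, not part of the original message or of Squid itself: a small Python model of the first-match evaluation of `http_access` lines described above, showing why `http_access allow LAN` has to precede `http_access deny all`. The helper names (`parse`, `decide`, `unreachable_rules`) and the two sample fragments are constructed for illustration; only positive `src` ACLs are modelled, and `all` is assumed to match every IPv4 client.

```python
import ipaddress

# Constructed squid.conf fragments using the ACL from the message above.
ACL = "acl LAN src 192.168.8.1/255.255.255.0\n"
GOOD = ACL + "http_access allow LAN\nhttp_access deny all\n"
BAD = ACL + "http_access deny all\nhttp_access allow LAN\n"


def parse(conf):
    """Return (src ACLs by name, ordered http_access rules)."""
    # Assumption: "all" matches every IPv4 client, as in Squid's stock config.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    rules = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            # strict=False masks off host bits: 192.168.8.1/24 -> 192.168.8.0/24
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def decide(conf, client_ip):
    """Evaluate http_access top-down; the first matching line wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # Every ACL named on a line must match (logical AND).
        if all(any(ip in net for net in acls.get(n, [])) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line,
    # or denies when there are no http_access lines at all.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"


def unreachable_rules(conf):
    """Rules after a bare 'allow all' / 'deny all' can never be reached."""
    _, rules = parse(conf)
    for i, (_action, names) in enumerate(rules):
        if names == ["all"]:
            return rules[i + 1:]
    return []
```

Running `unreachable_rules` over a real `squid.conf` before restarting Squid flags any `http_access` line that was appended after the final catch-all and will therefore never take effect.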