Hello all, I am a newbie in Linux world and have been working for 3 weeks in a lab network test that has the following layout:
Internet---ExternalFirewall--Squid--InternalFirewall--LAN The LAN clients are SecureNat having the InternalFirewall's (an ISA Server) LAN Interface as Gateway. I want Squid to act as a Proxy Server to my LAN Clients and the problem is that these clients are not able to connect to the internet neither when ISA is configured to have Squid as an Upstream Proxy Server nor as the Gateway of ISA's DMZ interface. Even if I set these secureNAT clients also as WebClients, ths Squid access.log shows no connections. On the other hand, when I set ISA's Gateway to ExternalFirewall's DMZ interface IP, clients can connect to the internet. Also, from Squid I am able to ping and resolve internet names. The squid client is able to connect to the internet too and leaves its signature in access.log. ExtFw DMZ IP: 175.17.6.11, DG:none SQUID IP: 175.17.6.1, DG:175.17.6.11 IntFw DMZ IP: 175.17.6.5, DG:175.17.6.(1 or 11) IntFw LAN IP: 192.168.1.10, DG:none My LAN is 192.168.1.0/24, DMZ 175.17.6.0/24 The Linux is running Squid and Postfix, no IPTables. Its Gateway is the ExternalFirewall's DMZ interface IP. I have already set Squid to listen on port 3128 and 80, enabled httpd accelerated mode on port 80 and 3128, set httpd_accel_host to virtual and to the ExternalFirewall's DMZ interface IP with no positive result. If I put a computer client in the DMZ it is able to connect to the internet only as a WebClient, not as SecureNAT (having squid as proxy/gateway). No records in access.log. My squid.conf is simple: http_port 3128 acl all 0.0.0.0/0.0.0.0 http_access allow all and also tested with: (httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ) Is there any conceptual error here? I am not sure whether I need Squid in Accelerated mode. Must Squid be between subnets, acting as a gateway to all this work? Comments would be great! Tia, Claudius --- Acabe com aquelas janelinhas que pulam na sua tela. AntiPop-up UOL - � gr�tis! http://antipopup.uol.com.br
