I'd like to better understand what squid is complaining about when it's restarted and more importantly how/what to correct the squid.conf entries.
What I've done thus far: I moved the machine(corona) from network A(miltoy) to network B(yoderst) squid complained with: parseConfigFile: line 95 unrecognized: 'tcp_incoming_address 10.28.248.123' since I know next to nothing about what "parseConfigFile" means I edited line 95 to match the interfaces new IP(192.168.4.4) and added yoderst wherever I saw miltoy TIA --ChuckS output from: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>:~# /etc/init.d/squid restart Restarting proxy server: 2003/12/06 09:15:00| parseConfigFile: line 95 unrecognized: 'tcp_incoming_address 192.168.4.4' 2003/12/06 09:15:00| squid.conf line 1037: http_access allow manager localhost miltoy yoderst corona 2003/12/06 09:15:00| aclParseAccessLine: ACL name 'yoderst' not found. 2003/12/06 09:15:00| squid.conf line 1046: http_access allow yoderst 2003/12/06 09:15:00| aclParseAccessLine: ACL name 'yoderst' not found. 2003/12/06 09:15:00| squid.conf line 1046: http_access allow yoderst 2003/12/06 09:15:00| aclParseAccessLine: Access line contains no ACL's, skippingsquid. excerpts from squid.conf: <snip> # TAG: udp_incoming_address # TAG: udp_outgoing_address # Usage: tcp_incoming_address 10.20.30.40 # udp_outgoing_address fully.qualified.domain.name # # tcp_incoming_address is used for the HTTP socket which accepts # connections from clients and other caches. # tcp_outgoing_address is used for connections made to remote # servers and other caches. # udp_incoming_address is used for the ICP socket receiving packets # from other caches. # udp_outgoing_address is used for ICP packets sent out to other # caches. # # The default behaviour is to not bind to any specific address. # # NOTE, udp_incoming_address and udp_outgoing_address can not # have the same value (unless it is 0.0.0.0) since they both use # port 3130. # tcp_incoming_address 192.168.4.4 #tcp_incoming_address 127.0.0.1 #tcp_outgoing_address 0.0.0.0 udp_incoming_address 192.168.4.4 #udp_outgoing_address 0.0.0.0 <snip> # ACCESS CONTROLS # -------------------------------------------------------------------- --------- # TAG: acl # Defining an Access List # # acl aclname acltype string1 ... # acl aclname acltype "file" ... # # when using "file", the file should contain one item per line # # acltype is one of src dst srcdomain dstdomain url_pattern # urlpath_pattern time port proto method browser user # # By default, regular expressions are CASE-SENSITIVE. To make # them case-insensitive, use the -i option. # # acl aclname src ip-address/netmask ... (clients IP address) # acl aclname src addr1-addr2/netmask ... (range of addresses) # acl aclname dst ip-address/netmask ... (URL host's IP address) # acl aclname myip ip-address/netmask ... (local socket IP address) # # acl aclname srcdomain foo.com ... # reverse lookup, client IP # acl aclname dstdomain foo.com ... # Destination server from URL # acl aclname srcdom_regex [-i] xxx ... # regex matching client name # acl aclname dstdom_regex [-i] xxx ... # regex matching server # # For dstdomain and dstdom_regex a reverse lookup is tried if a IP # # based URL is used. The name "none" is used if the reverse lookup # # fails. # # acl aclname time [day-abbrevs] [h1:m1-h2:m2] # day-abbrevs: # S - Sunday # M - Monday # T - Tuesday # W - Wednesday # H - Thursday # F - Friday # A - Saturday # h1:m1 must be less than h2:m2 # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path # acl aclname port 80 70 21 ... # acl aclname port 0-1024 ... # ranges allowed # acl aclname proto HTTP FTP ... # acl aclname method GET POST ... # acl aclname browser [-i] regexp # # pattern match on User-Agent header # acl aclname ident username ... # # string match on ident output. # # use REQUIRED to accept any non-null ident. # acl aclname src_as number ... # acl aclname dst_as number ... # # Except for access control, AS numbers can be used for # # routing of requests to specific caches. Here's an # # example for routing all requests for AS#1241 and only # # those to mycache.mydomain.net: # # acl asexample dst_as 1241 # # cache_peer_access mycache.mydomain.net allow asexample # # cache_peer_access mycache_mydomain.net deny all # # acl aclname proxy_auth username ... # # list of valid usernames # # use REQUIRED to accept any valid username. # # # # NOTE: when a Proxy-Authentication header is sent but it is not # # needed during ACL checking the username is NOT logged # # in access.log. # # # # NOTE: proxy_auth requires a EXTERNAL authentication program # # to check username/password combinations (see # # authenticate_program). # # # # WARNING: proxy_auth can't be used in a transparent proxy. It # # collides with any authentication done by origin servers. It may # # seem like it works at first, but it doesn't. # # acl aclname snmp_community string ... # # A community string to limit access to your SNMP Agent # # Example: # # # # acl snmppublic snmp_community public # # #Examples: #acl myexample dst_as 1241 #acl password proxy_auth 300 # #Defaults: acl all src 0.0.0.0/0.0.0.0 acl miltoy src 192.168.4.0/255.255.255.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl corona src 192.168.4.4/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 acl CONNECT method CONNECT # TAG: http_access # Allowing or Denying access based on defined access lists # # Access to the HTTP port: # http_access allow|deny [!]aclname ... # # Access to the ICP port: # icp_access allow|deny [!]aclname ... # # NOTE on default values: # # If there are no "access" lines present, the default is to allow # the request. # # If none of the "access" lines cause a match, the default is the # opposite of the last line in the list. If the last line was # deny, then the default is allow. Conversely, if the last line # is allow, the default will be deny. For these reasons, it is a # good idea to have an "deny all" or "allow all" entry at the end # of your access lists to avoid potential confusion. # #Default configuration: #http_access deny manager http_access allow manager localhost miltoy yoderst corona http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # http_access allow localhost #http_access deny all http_access allow miltoy http_access allow yoderst #http_access allow all # TAG: icp_access # Reply to all ICP queries we receive # icp_access allow all # TAG: miss_access # Use to force your neighbors to use you as a sibling instead of # a parent. For example: # # acl localclients src 172.16.0.0/16 # miss_access allow localclients # miss_access deny !localclients # # This means that only your local clients are allowed to fetch # MISSES and all other clients can only fetch HITS. # # By default, allow all clients who passed the http_access rules # to fetch MISSES from us. miss_access allow all # TAG: cache_peer_access # Similar to 'cache_peer_domain' but provides more flexibility by # using ACL elements. # # cache_peer_access cache-host allow|deny [!]aclname ... # # The syntax is identical to 'http_access' and the other lists of # ACL elements. See the comments for 'http_access' below, or # the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html). # TAG: proxy_auth_realm # Specifies the realm name which is to be reported to the client for # proxy authentication (part of the text the user will see when # prompted their username and password). # #proxy_auth_realm Squid proxy-caching web server
