I see the acl allowed_subnets src 172.16.0.0/12 . no on the http_access
localnet. there is of course "http_access allow localhost"
Thanks!
Tim
----- Original Message -----
From: "Gary Buckmaster" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, October 23, 2006 10:14 AM
Subject: Re: [pfSense Support] Squid Access Denied
Tim,
SSH into the box and look at the squid.conf file located at
/usr/local/etc/squid/squid.conf. In there you should see an acl defintion
called localnet which should look something like:
acl localnet src 172.16.0.0/255.255.0.0
Let me know if you don't see that, or if you don't see an http_access
allow localnet ACL handler.
Tim Roberts wrote:
I see the note on the access control page:
Those are the subnets (separated by commas) that are allowed to use the
proxy. The subnets must be expressed as CIDR ranges (e.g.:
192.168.1.0/24). Note that the proxy interface subnet is already an
allowed subnet. All the other subnets won't be able to use the proxy.
Im running the proxy on my LAN. Since I want my LAN clients to use the
proxy, is this correct? I added 172.16.0.0/12 in the access control,
allowed subnets page and I have tried clients from 172.16.248.0 and
172.25.0.0, both get the same thing.
Thanks
Tim
----- Original Message ----- From: "Gary Buckmaster"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, October 23, 2006 9:43 AM
Subject: Re: [pfSense Support] Squid Access Denied
Tim,
I'm not sure where you're seeing that you don't need to put your local
subnet in the allowed subnets tab, that's exactly where it goes. Add
it, make sure you're running squid on the right interface and you should
be good. Of course enable logging and tail the access.log to be
absolutely sure. That's all that's required.
Tim Roberts wrote:
Thanks for the fast reply! I have the box checked "allow users on
interface" and I have put my local subnet under access control -
alllowed subnets - even though it states you dont need to. Create the
acl where? sorry for the newbie questions - I have configured Squid in
the past on a linux box and managed to make it work but Im ashamed to
say it was from a specific how to.
Thanks
Tim
----- Original Message ----- From: "Gary Buckmaster"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, October 20, 2006 3:41 PM
Subject: Re: [pfSense Support] Squid Access Denied
Tim,
By default, squid will block everything. You need to create an ACL
for your LAN subnet(s) to allow access. Add the ACL and you should be
good.
-Gary
Tim Roberts wrote:
Sorry in advance - I've plundered around and read the post from a
ways back that some of the packages were broken, but was wondering if
squid is operable now? Any way I try it out, I get:
The following error was encountered:
* *Access Denied. *
Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if
you feel this is incorrect.
Authentication is disabled. I have tried setting it transparent as
well as forcing the client browser thru 3128 and get the same
results. I did have it running on an older version but hadn't messed
with it for a good bit. I'm using 1.0 from last night.
But, hey, you guys are kicking @## on everything! Unbelievable what
you have done since the 0.7x days :) Snort is working great,
actually, just about every package but squid that I have tried this
go around plop up ad fly right out of the get go! Keep up the good
work!
Thanks
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
