Hi Tim, I don't know if you solved your "Access denied" issue already.
If you haven't, you should check whether this line exists in your /usr/local/etc/squid/squid.conf:

"acl allowed_subnets src x.x.x.x/x"

Where x.x.x.x/x represents your subnet (192.168.1.0/24). If it doesn't exist, just add it, and then you should add this line:

"http_access allow allowed_subnets"

just before the line which reads:

"http_access deny all"

That grants access to the external interface to the "allowed subnets", and voila!

I hope this may help you ;)

By the way, version 1.0 is solid rock!! Thanks for your awesome work, you guys!

Emanuel Gonzalez
Guatemala

-----Original Message-----
From: Tim Roberts [mailto:[EMAIL PROTECTED]
Sent: Monday, October 23, 2006 10:35 p.m.
To: [email protected]
Subject: Re: [pfSense Support] Squid Access Denied

I see the acl allowed_subnets src 172.16.0.0/12. No on the http_access localnet. There is of course "http_access allow localhost".

Thanks!
Tim

----- Original Message -----
From: "Gary Buckmaster" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, October 23, 2006 10:14 AM
Subject: Re: [pfSense Support] Squid Access Denied

> Tim,
>
> SSH into the box and look at the squid.conf file located at
> /usr/local/etc/squid/squid.conf. In there you should see an acl definition
> called localnet which should look something like:
>
> acl localnet src 172.16.0.0/255.255.0.0
>
> Let me know if you don't see that, or if you don't see an http_access
> allow localnet ACL handler.
>
> Tim Roberts wrote:
>> I see the note on the access control page:
>> Those are the subnets (separated by commas) that are allowed to use the
>> proxy. The subnets must be expressed as CIDR ranges (e.g.:
>> 192.168.1.0/24). Note that the proxy interface subnet is already an
>> allowed subnet. All the other subnets won't be able to use the proxy.
>>
>> I'm running the proxy on my LAN. Since I want my LAN clients to use the
>> proxy, is this correct? I added 172.16.0.0/12 in the access control,
>> allowed subnets page and I have tried clients from 172.16.248.0 and
>> 172.25.0.0, both get the same thing.
>>
>> Thanks
>> Tim
>> ----- Original Message ----- From: "Gary Buckmaster"
>> <[EMAIL PROTECTED]>
>> To: <[email protected]>
>> Sent: Monday, October 23, 2006 9:43 AM
>> Subject: Re: [pfSense Support] Squid Access Denied
>>
>>> Tim,
>>>
>>> I'm not sure where you're seeing that you don't need to put your local
>>> subnet in the allowed subnets tab, that's exactly where it goes. Add
>>> it, make sure you're running squid on the right interface and you should
>>> be good. Of course enable logging and tail the access.log to be
>>> absolutely sure. That's all that's required.
>>>
>>> Tim Roberts wrote:
>>>> Thanks for the fast reply! I have the box checked "allow users on
>>>> interface" and I have put my local subnet under access control -
>>>> allowed subnets - even though it states you don't need to. Create the
>>>> acl where? Sorry for the newbie questions - I have configured Squid in
>>>> the past on a linux box and managed to make it work but I'm ashamed to
>>>> say it was from a specific how to.
>>>>
>>>> Thanks
>>>> Tim
>>>> ----- Original Message ----- From: "Gary Buckmaster"
>>>> <[EMAIL PROTECTED]>
>>>> To: <[email protected]>
>>>> Sent: Friday, October 20, 2006 3:41 PM
>>>> Subject: Re: [pfSense Support] Squid Access Denied
>>>>
>>>>> Tim,
>>>>>
>>>>> By default, squid will block everything. You need to create an ACL
>>>>> for your LAN subnet(s) to allow access. Add the ACL and you should be
>>>>> good.
>>>>>
>>>>> -Gary
>>>>>
>>>>> Tim Roberts wrote:
>>>>>> Sorry in advance - I've plundered around and read the post from a
>>>>>> ways back that some of the packages were broken, but was wondering if
>>>>>> squid is operable now? Any way I try it out, I get:
>>>>>>
>>>>>> The following error was encountered:
>>>>>>
>>>>>>   * Access Denied.
>>>>>>
>>>>>> Access control configuration prevents your request from being
>>>>>> allowed at this time. Please contact your service provider if
>>>>>> you feel this is incorrect.
>>>>>>
>>>>>> Authentication is disabled. I have tried setting it transparent as
>>>>>> well as forcing the client browser thru 3128 and get the same
>>>>>> results. I did have it running on an older version but hadn't messed
>>>>>> with it for a good bit. I'm using 1.0 from last night.
>>>>>>
>>>>>> But, hey, you guys are kicking @## on everything! Unbelievable what
>>>>>> you have done since the 0.7x days :) Snort is working great,
>>>>>> actually, just about every package but squid that I have tried this
>>>>>> go around plop up and fly right out of the get go! Keep up the good
>>>>>> work!
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Tim
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
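
The rule ordering discussed in this thread, as an added example that is not part of the original messages and is not pfSense or Squid code: a small Python model of how Squid checks http_access lines in order, with the first matching line deciding. The sample configs are constructed, only "src" ACLs are modelled, "all" is treated as built-in, and the function names are hypothetical.

```python
import ipaddress

def parse(conf):
    """Collect src ACLs and http_access lines from squid.conf text."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # assumption: built-in
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # accepts CIDR (172.16.0.0/12) and netmask (172.16.0.0/255.255.0.0)
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return (action, deciding ACL names) for a client IP."""
    ip = ipaddress.ip_address(client)
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL on the line must match; the first matching line decides
        if all(any(ip in net for net in acls.get(n, [])) for n in names):
            return action, " ".join(names)
    # no line matched: Squid applies the opposite of the last line (deny if none)
    last = rules[-1][0] if rules else "allow"
    return ("allow" if last == "deny" else "deny"), "(default)"

# Constructed sample: the ACL is defined, but no http_access line refers to it.
BROKEN = """\
acl localhost src 127.0.0.1/32
acl allowed_subnets src 172.16.0.0/12
http_access allow localhost
http_access deny all
"""
# The allow line placed just before "deny all".
FIXED = BROKEN.replace("http_access deny all",
                       "http_access allow allowed_subnets\nhttp_access deny all")
# The same allow line appended after "deny all": it is never reached.
MISORDERED = BROKEN + "http_access allow allowed_subnets\n"

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("misordered", MISORDERED)):
        for client in ("172.16.248.10", "172.25.0.5", "192.168.1.20"):
            print(label, client, *decide(conf, client))
```

The same check against a netmask-form ACL such as 172.16.0.0/255.255.0.0 shows that a /16 mask does not cover a client at 172.25.0.5, while 172.16.0.0/12 does.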
