[squid-users] Access regulation with multiple outgoing IPs

rudi rudis.gameshop at gmail.com
Sun Oct 25 15:28:05 UTC 2015


Hey Amos,

thank you very much for your very helpful information. Now i have an access
control an SSL is fixed too but i had to add port 80 as SSL port to use the
proxies as https proxy in proxifier.

One more question. Now i can use the proxies from
193.xxx.xxx.x1/255.255.255.xxx. But if i want to use the proxies from a
virtual machine i can not get access to them. I tried different Ips. Do you
know what IPs or information i have to add to the acl on top  to get the VMs
working? Thank you so much!


This is my file with working access regulation and SSL fix:

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines
acl localnet src 193.xxx.xxx.x1/255.255.255.xxx


acl SSL_ports port 443
acl SSL_ports port 80
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports


# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

http_port 178.xxx.xxx.x3:3129 name=3129
acl vm3129 myportname 3129
tcp_outgoing_address 178.xxx.xxx.x3 vm3129



# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128


Best regards
Manuel



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Access-regulation-with-multiple-outgoing-IPs-tp4673900p4673906.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list