[squid-users] External user cant access web server
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 19 11:37:01 UTC 2017
On 17/10/17 21:56, hoje wrote:
> Hi Mr.Amos,
>
> Thank you for helping in my previous post. I have a question. I’ve tried the
> same squid.conf setup to a new topology, and it works only for all internal
> users. But, external users that want to access my public web server, will
> get an access denied error (’The requested URL could not be retrieved’).
> Anything that I need to do to fix this problem? Please advise. Thank you
> again.
>
> My setup
> ———
> debian 9, squid-3.5.26-20170702-r14182
>
>
> Old topology (that works)
> ————
> WAN +-->RT+—>(linux+SQUID+bridge)—>SW+---> INT USER
>

What are the WAN users supposed to be accessing in this "working" topology?
(the "->" indicates request flow).

>
> New topology (ext user can’t access my web server)
> ———————
> WAN +-->RT+—>(linux+SQUID+bridge)+—> FW+---> SW+---> INT USER
> +
> |
> v
> DMZ SW
> +
> |
> v
> WEB SRV

You seem to be describing WAN users accessing internal user accounts,
which relay to internal web server. That right?

> My squid.conf
> —————
> https://pastebin.com/AbU6nihK
>

This config only permits the LAN 10/8, fe80::/16, and fc00::/16 ranges -
though the ports are IPv4-only so those IPv6 ranges cannot even connect
in the first place.

To run Squid as a gateway for an internal server you need an accel port,
cache_peer and http_access + cache_peer_access to permit access to the
hosted domains.

See
<https://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator>
and <https://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting>

Amos
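
The pieces named in the reply (accel port, cache_peer, http_access and cache_peer_access) put together as an added squid.conf example; it is not part of the original message or of the poster's configuration. The hostname www.example.com, the origin address 192.0.2.10 and the names our_sites and dmz_web are placeholders, and localnet stands for the 10/8 LAN range mentioned above.

```conf
# Added example: placeholders throughout, adapt to the real site.

# Port that external clients reach for the published site.
# "accel" marks it as a reverse-proxy port; "defaultsite" is the
# hostname assumed when a request carries no usable Host header.
http_port 80 accel defaultsite=www.example.com no-vhost

# The web server in the DMZ, declared as the origin for accelerated
# traffic. "originserver" tells Squid it is a web server, not a proxy.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=dmz_web

# Only the hosted domain is published to the outside.
acl our_sites dstdomain www.example.com

# Internal users (10/8, as in the existing config).
acl localnet src 10.0.0.0/8

# http_access is first-match: publish the hosted site to anyone,
# keep forward-proxy access for the LAN, refuse everything else.
# Without the final deny, the accel port would relay requests for
# arbitrary destinations from the WAN.
http_access allow our_sites
http_access allow localnet
http_access deny all

# Only requests for the hosted domain may be sent to the DMZ server.
cache_peer_access dmz_web allow our_sites
cache_peer_access dmz_web deny all
```

Running `squid -k parse` after editing checks the file for syntax errors before the change is loaded.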