March 4, 2009 at 18:45Squid for the little ones
Everything comes time, and every novice system administrator is studying new software packages for work. So the time has come for Squid, I think you should not explain what it is, if you read it, then you already know what the squid is and why it is needed!
But once, too, I had to study these wilds of the config ... At first I thought that it simply was not really possible to configure it, due to the large number of parameters. But over time, I realized that everything was already set up there for normal operation. To distribute the Internet you just need to add
So, these two magic lines will do the following:
First line Create an acl (Access Control List) named all for absolutely all ip addresses.
The second will allow acl all access.
That's all, now everyone who will break into our proxy will be able to break into the Internet with impunity, although you can see who, where and how much, but this topic is another article. But this can be avoided. Suppose you have 192.168.0.0/24 under your network. A server with a squid weighs at 192.168.0.1{128 (port 3128 by default), and the second interface (no matter which one) looks at the Internet, in order to use the Internet only computers from your network must be removed acl all, ( it is generally not recommended to use it in alllow !!!) and create, for example, like this:
Now, everyone with an ip-address is included in our acl my_network.
If this interests you, then wait for new articles from the series “Notes of a
bad-luck admin” :) Krosspost from my blog
But once, too, I had to study these wilds of the config ... At first I thought that it simply was not really possible to configure it, due to the large number of parameters. But over time, I realized that everything was already set up there for normal operation. To distribute the Internet you just need to add
- acl all src 0.0.0.0/24
- http_access allow all
So, these two magic lines will do the following:
First line Create an acl (Access Control List) named all for absolutely all ip addresses.
The second will allow acl all access.
That's all, now everyone who will break into our proxy will be able to break into the Internet with impunity, although you can see who, where and how much, but this topic is another article. But this can be avoided. Suppose you have 192.168.0.0/24 under your network. A server with a squid weighs at 192.168.0.1{128 (port 3128 by default), and the second interface (no matter which one) looks at the Internet, in order to use the Internet only computers from your network must be removed acl all, ( it is generally not recommended to use it in alllow !!!) and create, for example, like this:
- acl my_network src 192.168.0.0/24
- acl all src 0.0.0.0/24
- http_access allow my_network
- http_access deny all
Now, everyone with an ip-address is included in our acl my_network.
If this interests you, then wait for new articles from the series “Notes of a
bad-luck admin” :) Krosspost from my blog