Firewall Wizards mailing list archives
Re: Squid Firewall + Proxy
From: "Robert Collins" <robert.collins () itdomain com au>
Date: Sat, 16 Dec 2000 00:54:47 +1100
Hi Cristoph, The best places for you to get information on squid is the squid website - http://www.squid-cache.org. There is a FAQ and users guide there that covers setting up Squid, including the squid.conf file, as well as a mailing for peer support. FYI Squid is not a firewall, and MS Proxy's http gateway is not either. They are both HTTP proxy cache servers. Regarding your specific questions: 1)You need to add an acl for the class C network. ie acl office src 192.168.0.0/24 and then allow traffic from that netowrk to use squid where the config says "add your rules here" add http_access allow office 2) To add usernames and passwords you need to perform two steps: a) compile and install an authentication helper (ie ./configure --enable-auth-modules="NCSA" make make install would build the NCSA style authenticaiton helper). b) edit the config file to reflect the helper, and configure the squid ACL rules. add acl users proxy_auth user1 user2 user3 and as before , but with a twist http_access deny !users http_access allow office you can perform mixed lines like so http_access allow office users 3) where do you set the users and passwords? That depends on the helper. Squid can integrate into SAMBA domains, YP/NIS, PAM, MS Domains (including NTLM CHAP authentication now), htpassword files a la apache, LDAP (against MS Active directory/Novell NDS or any other LDAP enabled directory...) 4) The default in squid is to let no traffic through except local cache management traffic. This is by design - open proxy servers allow 'bad things' to happen, and there is no way to know reliably when installing squid what local networks should be allowed to user Squid. 5) follow the FAQ I refered to above. All your questions are typical of a new install of squid, and have been answered in more detail at the squid web site. Rob ----- Original Message ----- From: "Christoph" <puetzc () yahoo com> To: <firewall-wizards () nfr com> Sent: Friday, December 15, 2000 2:46 PM Subject: [fw-wiz] Squid Firewall + Proxy
We're doing software development. Our application is web based and therefore we have to work with/around a few firewall specific problems. One of our clients is using the Squid server on Unix as firewall and as a proxy server. Our application uses an addin for MS Excel. We use proxy information from the users system to go through the firewall proxy. However - we do have problems going through the Squid. We are unable to reproduce the problem by using MS Proxy and a firewall and therefore have to configure a Squid setup. We do have problems with the configuration. Result is always "Access denied" and we probably do something wrong with our setup of the configuration file. How do I put in the IP addresses for my client? We try to follow the example in the conf file but are not sure if we do it right. I'd like to be able to specify a whole class c IP address range and/or a few single IP addresses. Where and how do I specify user names? Where and how do I specify the passwords? Is one of the default settings in the Squid conf file keeping me away from going through the Squid? What are the changes I have to make if I just want to open the Squid for users who will need password authentication? If anyone has some useful tips and tricks for me - maybe even a conf file (without confidential data of course) - that would be great. Thanks in advance!! Chris __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Squid Firewall + Proxy Christoph (Dec 15)
- Re: Squid Firewall + Proxy Rainer Ginsberg (Dec 16)
- TACACS+ and PIX Nimesh Vakharia (Dec 20)
- Re: Squid Firewall + Proxy Robert Collins (Dec 20)
- Re: Squid Firewall + Proxy Rainer Ginsberg (Dec 16)