Re: [squid-users] Squid ACL problem I think.....

From: Waitman C. Gobble, II <[email protected]>
Date: Sun, 4 Aug 2002 11:45:48 -0700

ok, but what happens when you simply do an nslookup without explicity
specifying the server (squid and other network services won't necessarily
use the local nameserver - it will use the default nameservers you set up in
the network settings on the server).

nslookup www.banpais.hn

take care

Waitman

----- Original Message -----
From: "1.The NetSys Company" <admin@netsys.hn>
To: "Waitman C. Gobble, II" <waitman@emkdesign.com>
Sent: Sunday, August 04, 2002 10:35 AM
Subject: Re: [squid-users] Squid ACL problem I think.....

> -- [ From: 1.The NetSys Company * EMC.Ver #2.5.02 ] --
>
> Thks for your help ...
>
> I have logged into my squid server and did nslookup from localhost here is
> the results
>
> > server localhost
> Default Server: localhost.netsys.hn
> Address: 127.0.0.1
>
> > banpais.hn
> Server: localhost.netsys.hn
> Address: 127.0.0.1
>
> Name: banpais.hn
> Address: 200.41.80.130
>
> > www.banpais.hn
> Server: localhost.netsys.hn
> Address: 127.0.0.1
>
> Name: brainstorm.banpais.hn
> Address: 200.41.80.130
> Aliases: www.banpais.hn
>
> It seems to be resolving ok ,..... any other ideas ... this is really got
me
> stumped...
>
> QTaylor
> -------- REPLY, Original message follows --------
>
> Date: Sunday, 04-Aug-02 10:22 AM
>
> From: Waitman C. Gobble, II \ Internet: (waitman@emkdesign.com)
> To: Squid Help \ Internet:
(squid-users@squid-cache.org)
>
> Subject: Re: [squid-users] Squid ACL problem I think.....
>
> Hello There,
>
> I am not sure if this will be helpful, but at my first glance it appears
to
> be a DNS issue. Just a couple of lincoln heads of my opinion for you....
>
> Note that when a client going through squid makes a request for a web
site,
> it sends the host request to the server, where name resolution takes
place.
> name resolution is not performed on the client. I would suggest performing
> some queries for the domains you mention below - from the server running
> squid - and see if the resolved addresses make sense.
>
> As an example, let's say I have a client on a network (192.168.168.0/24)
> behind a firewall, with squid on a completely different network at a
> different location. If I open my browser on the client and request
"192.168.
> 168.5", perhaps some webserver on my local intranet, squid will look for
192
> .168.168.5 on ITS network, not the network of the client machine.
>
> Of course, you can set your browser to avoid the cache request on internal
> addresses, or particular blocks, etc.
>
> However - I really hadn't thought much about it previously, but this could
> actually be some sort of security concern? Someone outside can easily map
to
> internal addresses...
>
> I suppose I need to re-evaluate my own squid configuration file....
>
> Take care,
>
> Waitman Gobble
> EMK Design
> Buena Park California
> +1.7145222528
> http://emkdesign.com
>
>
> ----- Original Message -----
> From: "1.The NetSys Company" <admin@netsys.hn>
> To: "Squid Help" <squid-users@squid-cache.org>
> Sent: Sunday, August 04, 2002 6:11 AM
> Subject: [squid-users] Squid ACL problem I think.....
>
>
> > -- [ From: 1.The NetSys Company * EMC.Ver #2.5.02 ] --
> >
> > Hello from Honduras
> >
> > We are a national ISP and have several hundred dedicated networks under
> our
> > IP blocks ... we pass all http traffic thru Squid however our clients
are
> > unable to see any web domains of my dedicated clients...
> >
> > In other words, our clients, whether dedicated or dialup cannot see the
> > websites of any of our true domain clients..... for instance ... no
> netsys.
> > hn client can see www.banpais.hn or mayanet.hn..... they can see ALL
other
> > webites ... no problem ... just the webservers under our IP blocks
cannot
> be
> > seen by any NetSys clients...
> >
> > Any help in this would be greatly appreciated...
> >
> > --
> >
> > Quin Taylor
> > Operations Manager
> >
> > The NetSys Company of Honduras
> > Email: admin@netsys.hn
> > WWWeb site: http://www.netsys.hn
> >
> > Hotline HelpDesk: 566-1055
> > Tel: 504-566-1055
> > Fax: 504-566-3183
> >
> >
>
>
>
> -------- REPLY, End of original message --------
>
>
> --
>
> Quin Taylor
> Operations Manager
>
> The NetSys Company of Honduras
> Email: admin@netsys.hn
> WWWeb site: http://www.netsys.hn
>
> Hotline HelpDesk: 566-1055
> Tel: 504-566-1055
> Fax: 504-566-3183
>
>
Received on Sun Aug 04 2002 - 12:46:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:31 MST