Re: [squid-users] Squid and Router

From: stephane lepain <[email protected]>
Date: Thu, 31 Jan 2008 22:36:46 +0100

Amos Jeffries wrote:
>> Amos Jeffries wrote:
>>
>>> stephane lepain wrote:
>>>
>>>> Hi,
>>>>
>>>> I have given access to my router webpage configuration from my squid
>>>> server by adding in
>>>> *cache_peer 192.168.1.1 parent 3128 3130 login=PASS*
>>>> That is great because now I can access my router webpage
>>>> configuration from my server without any problems.
>>>> Sometimes, I need to access my router on a different PC which is just
>>>> a client. What can I add into my configuration squid.conf to make
>>>> that work?
>>>>
>>> If you have an assigned domain name for your router you can restrict
>>> only that domain to be redirected to that peer.
>>>
>>> Or if the IPs are fixed, you can restrict only the IPs you are going
>>> to connect to the router from as acceptable sources for the requests
>>> to the peer.
>>>
>>> It's a little weird that you have (only?) proxy-HTCP and ICP access to
>>> your router for admin. But its your config and you did not post the
>>> other details, so....
>>>
>>> Amos
>>>
>> Hi Amos,
>>
>> Yes I do have a domain (macitos.fr) and all the IPs are fixed. My goal
>> here is to access my router from another PC which is just a client and
>> has 192.168.1.8 for fix ip. With the config below I can access my router
>> from my server with fix ips 192.168.1.6/7
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 # https
>> acl SSL_ports port 563 # snews
>> acl SSL_ports port 873 # rsync
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl Safe_ports port 631 # cups
>> acl Safe_ports port 873 # rsync
>> acl Safe_ports port 901 # SWAT
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>> acl MyNetwork src 192.168.1.0/24
>> acl xchat port 6667
>>
>
> acl admin src 192.168.1.8 127.0.0.1
>
>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access allow CONNECT xchat
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost
>> http_access allow MyNetwork
>> http_access allow localhost
>> http_access deny all
>>
>> icp_access allow all
>>
>> http_port 3128
>>
>> cache_peer 192.168.1.1 parent 3128 3130 login=PASS
>>
>
> cache_peer access 192.168.1.1 allow admin
> cache_peer_acces 192.168.1.1 deny all
>
>
>> acl QUERY urlpath_regex cgi-bin \?
>> cache deny QUERY
>>
>> header_access From deny all
>> header_access Referer deny all
>> header_access Server deny all
>> header_access User-Agent deny all
>> header_access WWW-Authenticate deny all
>> header_access Link deny all
>>
>>
>
> That should do it.
>
> Amos
>
>
Hi,

That doesn't do it, Amos. For some reason I had tried it but never
worked for me. I am unable to access the config page of my router from
that IP address 192.168.1.8. From the server, it's fine though.

acl admin src 192.168.1.8 127.0.0.1

cache_peer access 192.168.1.1 allow admin
cache_peer_acces 192.168.1.1 deny all

Cheers
Received on Thu Jan 31 2008 - 14:36:48 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST