External user can't access web server

External user can't access web server

hoje
Hi Mr. Amos,

Thank you for helping in my previous post. I have a question. I’ve tried the
same squid.conf setup on a new topology, and it works only for all internal
users. But external users that want to access my public web server will
get an access denied error ('The requested URL could not be retrieved').
Is there anything that I need to do to fix this problem? Please advise. Thank you
again.

My setup
———
debian 9, squid-3.5.26-20170702-r14182


Old topology (that works)
————
WAN +-->RT+—>(linux+SQUID+bridge)—>SW+---> INT USER
                     
                       

New topology (ext user can’t access my web server)
———————
WAN +-->RT+—>(linux+SQUID+bridge)+—> FW+---> SW+---> INT USER
                                                                     +
                                                                     |
                                                                     v
                                                                DMZ SW
                                                                    +
                                                                    |
                                                                    v
                                                               WEB SRV
My squid.conf
—————
https://pastebin.com/AbU6nihK



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: External user can't access web server

Amos Jeffries
Administrator
On 17/10/17 21:56, hoje wrote:

> Hi Mr. Amos,
>
> Thank you for helping in my previous post. I have a question. I’ve tried the
> same squid.conf setup on a new topology, and it works only for all internal
> users. But external users that want to access my public web server will
> get an access denied error ('The requested URL could not be retrieved').
> Is there anything that I need to do to fix this problem? Please advise. Thank you
> again.
>
> My setup
> ———
> debian 9, squid-3.5.26-20170702-r14182
>
>
> Old topology (that works)
> ————
> WAN +-->RT+—>(linux+SQUID+bridge)—>SW+---> INT USER
>

What are the WAN users supposed to be accessing in this "working" topology?
(The "->" indicates request flow.)

>
> New topology (ext user can’t access my web server)
> ———————
> WAN +-->RT+—>(linux+SQUID+bridge)+—> FW+---> SW+---> INT USER
>                                                                       +
>                                                                       |
>                                                                       v
>                                                                  DMZ SW
>                                                                      +
>                                                                      |
>                                                                      v
>                                                                 WEB SRV

You seem to be describing WAN users accessing internal user accounts,
which relay to an internal web server. That right?


> My squid.conf
> —————
> https://pastebin.com/AbU6nihK
>

This config only permits the LAN 10/8, fe80::/16, and fc00::/16 ranges -
though the ports are IPv4-only so those IPv6 ranges cannot even connect
in the first place.

To run Squid as a gateway for an internal server you need an accel port,
cache_peer and http_access + cache_peer_access to permit access to the
hosted domains.
  see
<https://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator>
and <https://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting>



Amos
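
The reverse-proxy pieces named in the reply above (accel port, cache_peer, http_access and cache_peer_access), put together as an added example that is not part of either message or of the poster's pastebin config. The site name www.example.com, the DMZ server address 192.0.2.10, the peer name dmzWeb and the localnet ACL are placeholder assumptions.

```squidconf
# Added example with placeholder values, not the poster's configuration.
#   www.example.com = public name of the hosted site (assumed)
#   192.0.2.10      = DMZ web server address (assumed, documentation range)

# Accelerator (reverse-proxy) port that WAN clients connect to.
http_port 80 accel defaultsite=www.example.com no-vhost

# The DMZ web server is the origin for accelerated requests.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=dmzWeb

# Requests for the hosted domain are the only ones external users may make.
acl our_sites dstdomain www.example.com

# Internal clients, matching the 10/8 LAN range mentioned in the reply.
acl localnet src 10.0.0.0/8

# http_access is first-match: the hosted-site rule must come before the
# final deny. Matching on dstdomain (not "allow all") keeps the WAN-facing
# port from becoming an open proxy for arbitrary destinations.
http_access allow our_sites
http_access allow localnet
http_access deny all

# Only hosted-domain requests are relayed to the DMZ server.
cache_peer_access dmzWeb allow our_sites
cache_peer_access dmzWeb deny all
```

Running `squid -k parse` checks the edited file for syntax errors before the running proxy is reconfigured.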