List: squid-users
Subject: Re: [squid-users] acl src question
From: Service MV <service.mv () gmail ! com>
Date: 2019-08-15 20:10:25
Message-ID: CA+d==oF-TeJ-HrDxOAa2zyPAHHTN=vXb3DCT7fO5Pq949B6=zw () mail ! gmail ! com
Thanks Amos. The indication was useful.
Best regards
Gabriel
On Fri, 9 Aug 2019 03:19, Amos Jeffries <squid3@treenet.co.nz> wrote:
> On 9/08/19 1:57 am, Service MV wrote:
> > Hello everyone!
> >
> > I have a network 192.168.10.0/22
> > I want to let the IP ranges 192.168.12.1 to 192.168.13.254 through my
> > proxy, but not the ranges 192.168.10.1 to 192.168.11.254.
> > If I don't misunderstand the documentation
> > <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct
> > way to do this would be:
> > acl mylocalnet src 192.168.12.0/24
> > acl mylocalnet src 192.168.13.0/24
> > [...]
> > http_access allow mylocalnet
> >
> > Is this right?
>
> Close. But that would include the machines with *.0 and *.255 addresses
> outside the range you mention wanting to match.
>
> If your needed range does not map to nice CIDR range(s) you can set the
> start and end address instead:
>
> acl mylocalnet src 192.168.12.1-192.168.13.254
>
>
>
> PS. setting the LAN range(s) you want to use the proxy is what the
> "localnet" ACL is there for. The values provided are just an example of
> standardized ranges that will let the proxy work on most networks by
> default.
> There is usually no need for a new custom name, just edit the list as
> necessary for your policy. Unless you mean something else for this
> custom ACL to be doing - in which case you might want to consider using
> a name that makes the access rules read in a more easily interpreted way.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
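
Added example, not part of the original thread: a Python model of the two ACL forms discussed above, showing which addresses the two /24 entries match that the 192.168.12.1-192.168.13.254 range does not, and how many CIDR entries would be needed to express that range exactly. The function names are illustrative, and matching is modelled as a plain inclusive address comparison rather than taken from Squid's code.

```python
import ipaddress

def cidr_acl(*cidrs):
    """Parse the CIDR entries of an `acl <name> src` list."""
    return [ipaddress.ip_network(c) for c in cidrs]

def matches_cidrs(addr, nets):
    """True if addr falls in any CIDR entry of the ACL."""
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)

def matches_range(addr, first, last):
    """True if addr falls in the inclusive first-last range form."""
    a = ipaddress.ip_address(addr)
    return ipaddress.ip_address(first) <= a <= ipaddress.ip_address(last)

def acl_difference(nets, first, last):
    """Addresses matched by the CIDR form but not by the range form."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    # Iterating a network yields every address, including .0 and .255.
    return [str(a) for n in nets for a in n if not lo <= a <= hi]

def range_as_cidrs(first, last):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

# Values from the thread.
CIDR_FORM = cidr_acl("192.168.12.0/24", "192.168.13.0/24")
FIRST, LAST = "192.168.12.1", "192.168.13.254"

if __name__ == "__main__":
    print("matched only by the /24 entries:",
          acl_difference(CIDR_FORM, FIRST, LAST))
    blocks = range_as_cidrs(FIRST, LAST)
    print(len(blocks), "CIDR entries needed for the exact range:")
    for b in blocks:
        print("  acl mylocalnet src", b)
    # Constructed sample clients, checked against both forms.
    for client in ("192.168.10.7", "192.168.11.254", "192.168.12.0",
                   "192.168.12.255", "192.168.13.254", "192.168.13.255"):
        print(client, matches_cidrs(client, CIDR_FORM),
              matches_range(client, FIRST, LAST))
```

The two forms differ only at 192.168.12.0 and 192.168.13.255; the addresses 192.168.12.255 and 192.168.13.0 sit inside the range and are matched by both.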