
List:       squid-users
Subject:    Re: [squid-users] acl src question
From:       Service MV <service.mv () gmail ! com>
Date:       2019-08-15 20:10:25
Message-ID: CA+d==oF-TeJ-HrDxOAa2zyPAHHTN=vXb3DCT7fO5Pq949B6=zw () mail ! gmail ! com

Thanks Amos. The indication was useful.
Best regards

Gabriel

On Fri, 9 Aug 2019 03:19, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 9/08/19 1:57 am, Service MV wrote:
> > Hello everyone!
> >
> > I have a network 192.168.10.0/22
> > I want to let the IP ranges 192.168.12.1 to 192.168.13.254 through my
> > proxy, but not the ranges 192.168.10.1 to 192.168.11.254.
> > If I don't misunderstand the documentation
> > <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct
> > way to do this would be:
> > acl mylocalnet src 192.168.12.0/24
> > acl mylocalnet src 192.168.13.0/24
> > [...]
> > http_access allow mylocalnet
> >
> > Is this right?
>
> Close. But that would include the machines with *.0 and *.255 addresses
> outside the range you mention wanting to match.
>
> If your needed range does not map to nice CIDR range(s) you can set the
> start and end address instead:
>
>  acl mylocalnet src 192.168.12.1-192.168.13.254
>
>
>
> PS. setting the LAN range(s) you want to use the proxy is what the
> "localnet" ACL is there for. The values provided are just an example of
> standardized ranges that will let the proxy work on most networks by
> default.
>  There is usually no need for a new custom name, just edit the list as
> necessary for your policy. Unless you mean something else for this
> custom ACL to be doing - in which case you might want to consider using
> a name that makes the access rules read in a more easily interpreted way.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
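
The difference between the two ACL forms discussed above can be checked before deploying a config. This is an added example, not part of the original thread and not Squid's own code: the ACL names `by_cidr` and `by_range` are hypothetical, the config text is constructed, and the parser handles only the single-IP, `ip/prefix` and `first-last` forms of `src`.

```python
import ipaddress

# Constructed sample: the two ACL forms from the thread under hypothetical names.
SAMPLE_CONF = """\
acl by_cidr src 192.168.12.0/24
acl by_cidr src 192.168.13.0/24
acl by_range src 192.168.12.1-192.168.13.254
"""

def parse_src_value(value):
    """Return (first, last) as integers for 'ip', 'ip/prefix' or 'first-last'."""
    if "-" in value:
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in value.split("-", 1))
        if lo > hi:
            raise ValueError(f"range is reversed: {value}")
        return lo, hi
    net = ipaddress.IPv4Network(value, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def load_src_acls(conf_text):
    """Collect the ranges of every 'acl NAME src ...' line, merged by name."""
    acls = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            acls.setdefault(fields[1], []).extend(map(parse_src_value, fields[3:]))
    return acls

def matches(ranges, client_ip):
    """True if client_ip falls inside any (first, last) range."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any(lo <= ip <= hi for lo, hi in ranges)

def only_in(wide, narrow):
    """Addresses matched by `wide` but not `narrow`; intended for small LAN ranges."""
    return [str(ipaddress.IPv4Address(ip))
            for lo, hi in wide for ip in range(lo, hi + 1)
            if not any(l <= ip <= h for l, h in narrow)]

def as_cidr_blocks(first, last):
    """CIDR blocks needed to express first-last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]

if __name__ == "__main__":
    acls = load_src_acls(SAMPLE_CONF)
    print("extra in CIDR form:", only_in(acls["by_cidr"], acls["by_range"]))
    print("blocks for the range:", len(as_cidr_blocks("192.168.12.1", "192.168.13.254")))
```

The two /24 entries admit exactly two addresses that the range form excludes, and expressing the range purely as CIDR blocks would take sixteen entries.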
