Доступ в интернет через squid
Есть:
adsl модем, подключенный к серверу по локальной сети
Сервер (debian) подключенный через VPN к интернету.
Локальная сеть
squid 2.5 stable9
Нужно: чтобы пользователи из локальной сети ходили в нет через прокси
с авторизацией.
Проблема -- squid не пускает никого, даже если указано
acl all src 0.0.0.0/0.0.0.0
http_access allow all
При попытке войти и в вышеуказанном случае, и в случае если
пользователи прописаны пишет что:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://debian.org/
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed
at this time. Please contact your service provider if you feel this is
incorrect.
Your cache administrator is webmaster.
Что я не так делаю?
Конфиг сквида:
http_port 3128
icp_port 0
htcp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 8 KB
ipcache_size 2048
ipcache_low 90
ipcache_high 95
сache_dir ufs /var/spool/squid 1024 16 256
cache_access_log /var/log/squid/access.log
сache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_ip_on_direct on
# TAG: client_netmask
#A netmask for client addresses in logfiles and cachemgr output.
#Change this to protect the privacy of your cache clients.
#A netmask of 255.255.255.0 will log all IP's in that range with
#the last digit set to '0'.
#
#Default:
# client_netmask 255.255.255.255
ftp_list_width 32
ftp_passive on
dns_nameservers 81.25.32.34 81.25.32.9
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 30 seconds
client_lifetime 1 day
half_closed_clients on
ident_timeout 10 seconds
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
#auth_param basic chilren 5
auth_param basic realm server
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443 563# https, snews
acl Safe_ports port 70# gopher
acl Safe_ports port 210# wais
acl Safe_ports port 1025-65535# unregistered ports
acl Safe_ports port 280# http-mgmt
acl Safe_ports port 488# gss-http
acl Safe_ports port 591# filemaker
acl Safe_ports port 777# multiling http
acl Safe_ports port 901# SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl user src 192.168.55.0/255.255.255.0
http_access deny manager all
http_access allow user
http_access deny all
#http_access deny !slon
#
# Only allow cachemgr access from localhost
##http_access allow manager localhost slon
##http_access deny manager
# Only allow purge requests from localhost
##http_access allow purge localhost slon
##http_access deny purge
# Deny requests to unknown ports
##http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
##http_access deny CONNECT !SSL_ports
icp_access allow all
cache_mgr webmaster
cache_effective_user proxy
cache_effective_group proxy
visible_hostname server
httpd_accel_port 80
# httpd_accel_with_proxy off
dns_testnames adsl.by debian.org kernel.org
# forwarded_for on
# error_directory /usr/lib/squid/errors/English
snmp_port 3401
snmp_access allow all
# ie_refresh off
http_port 3128
httpd_accel_with_proxy off
httpd_accel_uses_host_header off
visible_hostname server
hierarchy_stoplist cgi-bin chat
Reply to: