Topic: Need help with editing template for squid.conf

[Dirk]

I upgraded squid to squid-2.5.STABLE4-2.norlug.i386.rpm

Everything seems to work fine.
I only get a error message.

error:
------------------------------------------------------
2004/04/18 04:07:36| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
2004/04/18 04:07:36| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
2004/04/18 04:07:36| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'localsrc'
2004/04/18 04:07:36| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
2004/04/18 04:07:36| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
2004/04/18 04:07:36| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'localdst'
------------------------------------------------------
So i look in squid.conf and see

acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0

Figure it has to do with ip and subnet printed twice.

The question is how do i edit 20ACL10localhost so that ip / subnet is printed only one time.

Dirk

[bobk]

----------------------------------------------
So i look in squid.conf and see

acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0

Figure it has to do with ip and subnet printed twice.
...

I just checked 2 SME 6.0.1-01 machines and both have the exactly the same entries in squid.conf.

[Dirk]

This is correct for squid 2.4 but version 2.5 is complaining about the ip/subnet notation twice.

Thats what i wannna change...

Dirk

[guest]

this was listed as a bug in 6.0beta3, guess it wasn't fixed.  Just edit the lines manually and restart the service.  Editing the template fragments does no good, the problem does not lie there.

HTH

[bobk]

The template fragments are located in /etc/e-smith/templates/etc/squid/squid.conf/

Copy 20ACL10localhost to /etc/e-smith/templates/etc/squid/squid.conf/. Then go there and edit 20ACL10localhost by removing line 9 and save.

The results should look like this.

Code: [Select]

{
    use esmith::util;

    my %networks;
    tie %networks, 'esmith::config', '/home/e-smith/networks';

    my ($network, $broadcast) =
esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);

    foreach my $network
(grep { db_get_type(\%networks, $_) eq "network" } db_get(\%networks))
    {
my $mask = db_get_prop(\%networks, $network, 'Mask')
   || "255.255.255.0";
$localAccess .= " " .
   esmith::util::computeLocalNetworkSpec ($network, $mask);
    }

    $OUT .= "acl localsrc src $localAccess\n";
    $OUT .= "acl localdst dst $localAccess";
}


Expand the template and your /etc/squid/squid.conf file should look like this.

Code: [Select]


#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# SME Server software. Instead, modify the source template in
# an /etc/e-smith/templates-custom directory. For more
# information, see http://www.e-smith.org/custom/
#
# copyright (C) 1999-2003 Mitel Networks Corporation
#------------------------------------------------------------


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src  192.168.123.0/255.255.255.0
acl localdst dst  192.168.123.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
append_domain .mabit.net
cache_mgr admin@yourdomain.xxx
ftp_user nobody@yourdomain.xxx
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB
always_direct allow webdav
always_direct allow all


I hope this is what you are looking to accomplish.

[Dirk]

Txs that worked but that removed "localhost" also.

Any issues there?

[Dirk]

removed this code...

   foreach my $network
   (grep { db_get_type(\%networks, $_) eq "network" } db_get(\%networks))
    {
   my $mask = db_get_prop(\%networks, $network, 'Mask')
       || "255.255.255.0";
   $localAccess .= " " .
       esmith::util::computeLocalNetworkSpec ($network, $mask);
    }

then i got...

acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0

what i wanted  

Txs for the help

[Dirk]

Ok tested it squid 2.5 working fine now!  

[albatroz]

Hi!
I also need to modify squid.conf templates but to include some ACLs for restricting access to Internet.

Can somebody point me which files should I edit?