Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Dirk on April 18, 2004, 01:59:35 PM
-
I upgraded squid to squid-2.5.STABLE4-2.norlug.i386.rpm
Everything seems to work fine.
I only get an error message.
error:
------------------------------------------------------
2004/04/18 04:07:36| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
2004/04/18 04:07:36| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
2004/04/18 04:07:36| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'localsrc'
2004/04/18 04:07:36| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
2004/04/18 04:07:36| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
2004/04/18 04:07:36| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'localdst'
------------------------------------------------------
So I look in squid.conf and see
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
Figure it has to do with IP and subnet printed twice.
The question is how do I edit 20ACL10localhost so that the IP / subnet is printed only one time.
Dirk
-
----------------------------------------------
So I look in squid.conf and see
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
Figure it has to do with IP and subnet printed twice.
...
I just checked 2 SME 6.0.1-01 machines and both have exactly the same entries in squid.conf.
-
This is correct for squid 2.4 but version 2.5 is complaining about the IP/subnet notation appearing twice.
That's what I wanna change...
Dirk
-
This was listed as a bug in 6.0beta3, guess it wasn't fixed. Just edit the lines manually and restart the service. Editing the template fragments does no good, the problem does not lie there.
HTH
-
The template fragments are located in /etc/e-smith/templates/etc/squid/squid.conf/
Copy 20ACL10localhost to /etc/e-smith/templates/etc/squid/squid.conf/. Then go there and edit 20ACL10localhost by removing line 9 and save.
The results should look like this.
{
    use esmith::util;
    my %networks;
    tie %networks, 'esmith::config', '/home/e-smith/networks';
    my ($network, $broadcast) =
        esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);
    foreach my $network
        (grep { db_get_type(\%networks, $_) eq "network" } db_get(\%networks))
    {
        my $mask = db_get_prop(\%networks, $network, 'Mask')
            || "255.255.255.0";
        $localAccess .= " " .
            esmith::util::computeLocalNetworkSpec ($network, $mask);
    }
    $OUT .= "acl localsrc src $localAccess\n";
    $OUT .= "acl localdst dst $localAccess";
}
Expand the template and your /etc/squid/squid.conf file should look like this.
#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# SME Server software. Instead, modify the source template in
# an /etc/e-smith/templates-custom directory. For more
# information, see http://www.e-smith.org/custom/
#
# copyright (C) 1999-2003 Mitel Networks Corporation
#------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src 192.168.123.0/255.255.255.0
acl localdst dst 192.168.123.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
append_domain .mabit.net
cache_mgr admin@yourdomain.xxx
ftp_user nobody@yourdomain.xxx
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all
store_avg_object_size 3 KB
always_direct allow webdav
always_direct allow all
I hope this is what you are looking to accomplish.
-
Txs that worked but that removed "localhost" also.
Any issues there?
-
removed this code...
    foreach my $network
        (grep { db_get_type(\%networks, $_) eq "network" } db_get(\%networks))
    {
        my $mask = db_get_prop(\%networks, $network, 'Mask')
            || "255.255.255.0";
        $localAccess .= " " .
            esmith::util::computeLocalNetworkSpec ($network, $mask);
    }
then i got...
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0
what i wanted :-D
Txs for the help
-
Ok tested it squid 2.5 working fine now! :pint:
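
An added example, not part of any post in this thread: a small Python check that scans squid.conf text for src/dst ACL entries that duplicate, or fall inside, another entry of the same ACL, which is the condition the Squid 2.5 warnings above report. The function names and the sample text are constructed for illustration; it goes slightly beyond the thread's case by also catching a narrower network listed before a wider one.

```python
import ipaddress

# Constructed sample: the ACL lines quoted in the thread plus two unrelated ones.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563
"""

def parse_ip_acls(conf_text):
    """Return {acl_name: [(raw_token, network), ...]} for src/dst ACLs."""
    acls = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] not in ("src", "dst"):
            continue
        for token in fields[3:]:
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # address ranges, quoted file names: not handled here
            # Repeated "acl NAME ..." lines add to the same ACL, so accumulate.
            acls.setdefault(fields[1], []).append((token, net))
    return acls

def find_redundant(conf_text):
    """Return (acl_name, redundant_token, covering_token) tuples."""
    findings = []
    for name, entries in parse_ip_acls(conf_text).items():
        kept = []
        for token, net in entries:
            same = [(t, n) for t, n in kept if n.version == net.version]
            cover = next((t for t, n in same if net.subnet_of(n)), None)
            if cover is not None:
                findings.append((name, token, cover))  # duplicate or narrower
                continue
            # A wider entry that comes later makes earlier narrower ones redundant.
            swallowed = [(t, n) for t, n in same if n.subnet_of(net)]
            findings += [(name, t, token) for t, _ in swallowed]
            kept = [e for e in kept if e not in swallowed] + [(token, net)]
    return findings

if __name__ == "__main__":
    for name, token, cover in find_redundant(SAMPLE_CONF):
        print(f"{name}: '{token}' is already covered by '{cover}'")
```

Running it against the generated /etc/squid/squid.conf after expanding the template shows whether the duplicate entry is gone before Squid is restarted.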
-
Hi!
I also need to modify squid.conf templates, but to include some ACLs for restricting access to the Internet.
Can somebody point me to which files I should edit?