No subject
Sat Feb 2 07:43:15 EST 2008
click on
Schoolserver, and it launches correctly, my bilingual index.html, except=20
that my XO
doesn't show Nepali script, just rectangles instead. Here is the source:
http://www.990tony.com/olpc/index.htm
I can launch Moodle, and figured out my formatting issues. When I=20
installed Moodle,
it hard-coded the 192.168.0.77 into the /var/www/html/moodle/config.php=20
file. I changed
this to "schoolserver" and everything looks great on the XO.
However, when I select the "http://olenepal.org" link, it fails. Any=20
Browse reference=20
to Squid or Internet is denied from XO access. Access to www.990tony.com=20
failed.
I have not yet done anything with caching or dansguardian, but figured I=20
need to get these
basics done. I would like a "let everything through" version to make sure =
everything works
before are start tightening down the acl rules.
The third box, backup server, would be the repository of important items=20
from Squid
and Schoolserver, so that if either broke, it would be a matter of issuing =
a script, plugging
it in the place of the failed server, and rebooting as the new=20
replacement. I don't know
how to "backup" the squid cache contents, and am still trying to figure=20
out what else we
need to backup from the schoolserver.
If you need any more config files, or want me to capture some logs, or try =
out some
commands, please let me know.
Thanks
Tony Pearson
Senior Storage Consultant, IBM System Storage?
Telephone: +1 520-799-4309 | tie 321-4309 | Cell: +1 520 990-8669
email: tpearson at us.ibm.com | GSA: http://tucgsa.ibm.com/~tpearson
Blog: http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage=20
AKA: 990tony Paravane, eightbar specialist=20
Adrian Chadd <adrian at squid-cache.org>=20
02/17/2008 06:44 PM
To
Tony Pearson/Tucson/IBM at IBMUS
cc
server-devel at lists.laptop.org, Bryan Berry <bryan at olenepal.org>, "Greg=20
Smith (gregmsmi)" <gregmsmi at cisco.com>, sulochan acharya=20
<sulochan at olenepal.org>
Subject
Re: [Server-devel] Access denied by Squid
Fire me through the config sans default comments and i'll give you a
hand.
adrian
On Sun, Feb 17, 2008, Tony Pearson wrote:
> However, when I tried to launch olenepal.org (the second link) it fails. =
I=20
> then tried to use the=20
> link from the schoolserver directly, and it fails with the same message, =
> implying the problem=20
> is in the squid server.
>=20
> ERROR: The requested URL could not be=20
> retrieved
> ERROR
>=20
> The requested URL could not be retrieved
>=20
>=20
>=20
--------------------------------------------------------------------------
>=20
> While trying to retrieve the URL: http://olenepal.org/
>=20
> The following error was encountered:
>=20
> * Access Denied.
>=20
> Access control configuration prevents your request from being=20
> allowed
> at this time. Please contact your service provider if you feel=20
this=20
> is
> incorrect.
>=20
> Your cache administrator is root.
>=20
>=20
>=20
--------------------------------------------------------------------------
>=20
> Generated Sun, 17 Feb 2008 20:23:03 GMT by squid=20
(squid/2.6.STABLE16)
>=20
> This happens with any website outside schoolserver. Squid is not=20
> running in the
> schoolserver, only on the squid machine. I do not yet have dansguardian =
> on the
> squid box, so it should permit all traffic through.
>=20
> I am at 653 level on my XO, so I will try to update to 656 to see if=20
that=20
> helps any,
> but I suspect the problem is not on the XO as much as on the squid=20
server.
>=20
> Any ideas?
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
--=_alternative 0029C1D9072573F3_=
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<br><font size=3D2 face=3D"sans-serif">Adrian,</font>
<br><font size=3D2 face=3D"sans-serif">Thanks. I am sure it is someth=
ing
simple that I just don't see.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">First, I made a few diagrams. =
Sorry,
this is sloppy graphics, did not have time to clean them up.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">This first one is the proposed Build
1 as I understand it. I left out details like IP addresses.</font>
<br><font size=3D2 face=3D"sans-serif">http://www.990tony.com/olpc/olenepal=
-build1.jpg</font>
<br>
<br><font size=3D2 face=3D"sans-serif">The second one is my test config. &n=
bsp;I
only have two computers to work with, and right now I have</font>
<br><font size=3D2 face=3D"sans-serif">one set up as squid server, and the
second as the schoolserver. I can probably buy a third</font>
<br><font size=3D2 face=3D"sans-serif">for a few hundred bucks if we need.
Otherwise, I can just try to make things work with just two.</font>
<br><font size=3D2 face=3D"sans-serif">http://www.990tony.com/olpc/tony-bui=
ld1.jpg</font>
<br>
<br><font size=3D2 face=3D"sans-serif">Note that instead of a hub for the y=
ellow
zone, I am just using a cross-over cable, directly</font>
<br><font size=3D2 face=3D"sans-serif">from Squid-Eth1 over to SchoolServer=
-eth0.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">So, on the "Squid" box, th=
is
will be for:</font>
<br><font size=3D2 face=3D"sans-serif">(a) Caching content (/library/cache)=
</font>
<br><font size=3D2 face=3D"sans-serif">(b) Any fixed library content hosted
by Apache</font>
<br><font size=3D2 face=3D"sans-serif">(c) Dansguardian to filter inappropr=
iate
sites</font>
<br><font size=3D2 face=3D"sans-serif">(d) firewall from outside intrusion<=
/font>
<br>
<br><font size=3D2 face=3D"sans-serif">/etc/squid/squid.conf file is located
here: http://www.990tony.com/olpc/squid.conf</font>
<br><font size=3D2 face=3D"sans-serif">I removed /etc/httpd/conf.d/squid.co=
nf
and /etc/squid.conf</font>
<br><font size=3D2 face=3D"sans-serif">Apache is running with just the defa=
ult
test page. Dansgaurdian not yet installed.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">On the XS Schoolserver:</font>
<br><font size=3D2 face=3D"sans-serif">(a) Apache, PHP, MySQL and Moodle</f=
ont>
<br><font size=3D2 face=3D"sans-serif">(b) No squid, or perhaps reverse pro=
xy
(caching Moodle pages?)</font>
<br><font size=3D2 face=3D"sans-serif">(c) There are also caches for PHP and
MySQL that might improve performance</font>
<br><font size=3D2 face=3D"sans-serif">(d) Active Antennas. I have on=
e,
msh0 running at 31.07 firmware level as required.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">From 192.168.0.10 Windows XP, I am a=
ble
to SSH over to Squid (192.168.0.29) and from</font>
<br><font size=3D2 face=3D"sans-serif">there I am able to SSH to Schoolserv=
er
(10.0.0.77). From Windows XP, Firefox can see</font>
<br><font size=3D2 face=3D"sans-serif">Squid Apache test page, but cannot s=
ee
anything on Schoolserver (as it should be).</font>
<br>
<br><font size=3D2 face=3D"sans-serif">From Squid, I can ping Schoolserver,
and from schoolserver, I can ping Squid</font>
<br><font size=3D2 face=3D"sans-serif">From the XO, I can ping Schoolserver,
but not Squid. Ping hangs waiting for response.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">From Squid, I can elinks http://10.0=
.0.77
and see Apache and Moodle</font>
<br><font size=3D2 face=3D"sans-serif">From Schoolserver, I can elinks http=
://192.168.0.29
and see Apache test page</font>
<br>
<br><font size=3D2 face=3D"sans-serif">From Squid and Schoolserver, I am ab=
le
to elinks http://www.990tony.com correctly.</font>
<br><font size=3D2 face=3D"sans-serif">This is an outside webpage hosted in
Phoenix.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">The XO gets DHCP assigned to 172.18.=
11.54
from the Schoolserver, with a gateway</font>
<br><font size=3D2 face=3D"sans-serif">of 172.18.10.1 which is one on the S=
choolserver
defined IP addresses. It is "Channel 1".</font>
<br><font size=3D2 face=3D"sans-serif">I removed all WEP keys out of my XO's
"networks.cfg" file, and confirmed it is only </font>
<br><font size=3D2 face=3D"sans-serif">accessing through the mesh network c=
hannel
1 only.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">From the XO, I can launch Browse act=
ivity,
from main Google page, I can click on</font>
<br><font size=3D2 face=3D"sans-serif">Schoolserver, and it launches correc=
tly,
my bilingual index.html, except that my XO</font>
<br><font size=3D2 face=3D"sans-serif">doesn't show Nepali script, just rec=
tangles
instead. Here is the source:</font>
<br><font size=3D2 face=3D"sans-serif">http://www.990tony.com/olpc/index.ht=
m</font>
<br>
<br><font size=3D2 face=3D"sans-serif">I can launch Moodle, and figured out
my formatting issues. When I installed Moodle,</font>
<br><font size=3D2 face=3D"sans-serif">it hard-coded the 192.168.0.77 into
the /var/www/html/moodle/config.php file. I changed</font>
<br><font size=3D2 face=3D"sans-serif">this to "schoolserver" and
everything looks great on the XO.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">However, when I select the "htt=
p://olenepal.org"
link, it fails. Any Browse reference </font>
<br><font size=3D2 face=3D"sans-serif">to Squid or Internet is denied from
XO access. Access to www.990tony.com failed.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">I have not yet done anything with ca=
ching
or dansguardian, but figured I need to get these</font>
<br><font size=3D2 face=3D"sans-serif">basics done. I would like a &q=
uot;let
everything through" version to make sure everything works</font>
<br><font size=3D2 face=3D"sans-serif">before are start tightening down the
acl rules.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">The third box, backup server, would
be the repository of important items from Squid</font>
<br><font size=3D2 face=3D"sans-serif">and Schoolserver, so that if either
broke, it would be a matter of issuing a script, plugging</font>
<br><font size=3D2 face=3D"sans-serif">it in the place of the failed server,
and rebooting as the new replacement. I don't know</font>
<br><font size=3D2 face=3D"sans-serif">how to "backup" the squid
cache contents, and am still trying to figure out what else we</font>
<br><font size=3D2 face=3D"sans-serif">need to backup from the schoolserver=
.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">If you need any more config files, or
want me to capture some logs, or try out some</font>
<br><font size=3D2 face=3D"sans-serif">commands, please let me know.</font>
<br>
<br><font size=3D2 face=3D"sans-serif">Thanks<br>
</font>
<table>
<tr>
<td>
<tr>
<td><font size=3D1><br>
</font>
<table>
<tr>
<td>
<td><font size=3D1 color=3D#0060a0 face=3D"Microsoft Sans Serif"><b>Tony Pe=
arson</b></font><font size=3D1 face=3D"Microsoft Sans Serif"><br>
Senior Storage Consultant, IBM System Storage™<br>
Telephone: +1 520-799-4309 | tie 321-4309 | Cell: +1 520 990-86=
69<br>
email: tpearson at us.ibm.com | GSA: http://tucgsa.ibm.com/~tpearson<br>
Blog: http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage
AKA: 990tony Paravane, eightbar specialist </font></table>
<br>
<tr>
<td></table>
<br>
<br>
<br>
<br>
<table width=3D100%>
<tr valign=3Dtop>
<td width=3D40%><font size=3D1 face=3D"sans-serif"><b>Adrian Chadd <adri=
an at squid-cache.org></b>
</font>
<p><font size=3D1 face=3D"sans-serif">02/17/2008 06:44 PM</font>
<td width=3D59%>
<table width=3D100%>
<tr valign=3Dtop>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">To</font></div>
<td><font size=3D1 face=3D"sans-serif">Tony Pearson/Tucson/IBM at IBMUS</font>
<tr valign=3Dtop>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">cc</font></div>
<td><font size=3D1 face=3D"sans-serif">server-devel at lists.laptop.org, Bryan
Berry <bryan at olenepal.org>, "Greg Smith (gregmsmi)" <gre=
gmsmi at cisco.com>,
sulochan acharya <sulochan at olenepal.org></font>
<tr valign=3Dtop>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">Subject</font></div>
<td><font size=3D1 face=3D"sans-serif">Re: [Server-devel] Access denied by
Squid</font></table>
<br>
<table>
<tr valign=3Dtop>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=3D2><br>
Fire me through the config sans default comments and i'll give you a<br>
hand.<br>
<br>
<br>
<br>
adrian<br>
<br>
On Sun, Feb 17, 2008, Tony Pearson wrote:<br>
<br>
> However, when I tried to launch olenepal.org (the second link) it
fails. I <br>
> then tried to use the <br>
> link from the schoolserver directly, and it fails with the same messag=
e,
<br>
> implying the problem <br>
> is in the squid server.<br>
> <br>
>
ERROR: The requested URL could
not be <br>
> retrieved<br>
>
ERROR<br>
> <br>
> The requested URL could not be retrieved<br>
> <br>
> <br>
> ----------------------------------------------------------------------=
----<br>
> <br>
> While trying to retrieve the URL: http://olenepal.org/<br>
> <br>
> The following error was encountered:<br>
> <br>
> * Access Denied.<br>
> <br>
> Access control configuration prevents your
request from being <br>
> allowed<br>
> at this time. Please contact your service
provider if you feel this <br>
> is<br>
> incorrect.<br>
> <br>
> Your cache administrator is root.<br>
> <br>
> <br>
> ----------------------------------------------------------------------=
----<br>
> <br>
> Generated Sun, 17 Feb 2008 20:23:03 GMT by squid (squid/=
2.6.STABLE16)<br>
> <br>
> This happens with any website outside schoolserver. Squid
is not <br>
> running in the<br>
> schoolserver, only on the squid machine. I do not yet have dansg=
uardian
<br>
> on the<br>
> squid box, so it should permit all traffic through.<br>
> <br>
> I am at 653 level on my XO, so I will try to update to 656 to see
if that <br>
> helps any,<br>
> but I suspect the problem is not on the XO as much as on the squid
server.<br>
> <br>
> Any ideas?<br>
<br>
<br>
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F<br>
> Server-devel mailing list<br>
> Server-devel at lists.laptop.org<br>
> http://lists.laptop.org/listinfo/server-devel<br>
<br>
</font></tt>
<br>
--=_alternative 0029C1D9072573F3_=--
More information about the Server-devel
mailing list