<br><font size=2 face="sans-serif">Adrian,</font>
<br><font size=2 face="sans-serif">Thanks. I am sure it is something
simple that I just don't see.</font>
<br>
<br><font size=2 face="sans-serif">First, I made a few diagrams. Sorry,
this is sloppy graphics, did not have time to clean them up.</font>
<br>
<br><font size=2 face="sans-serif">This first one is the proposed Build
1 as I understand it. I left out details like IP addresses.</font>
<br><font size=2 face="sans-serif">http://www.990tony.com/olpc/olenepal-build1.jpg</font>
<br>
<br><font size=2 face="sans-serif">The second one is my test config. I
only have two computers to work with, and right now I have</font>
<br><font size=2 face="sans-serif">one set up as squid server, and the
second as the schoolserver. I can probably buy a third</font>
<br><font size=2 face="sans-serif">for a few hundred bucks if we need.
Otherwise, I can just try to make things work with just two.</font>
<br><font size=2 face="sans-serif">http://www.990tony.com/olpc/tony-build1.jpg</font>
<br>
<br><font size=2 face="sans-serif">Note that instead of a hub for the yellow
zone, I am just using a cross-over cable, directly</font>
<br><font size=2 face="sans-serif">from Squid-Eth1 over to SchoolServer-eth0.</font>
<br>
<br><font size=2 face="sans-serif">So, on the "Squid" box, this
will be for:</font>
<br><font size=2 face="sans-serif">(a) Caching content (/library/cache)</font>
<br><font size=2 face="sans-serif">(b) Any fixed library content hosted
by Apache</font>
<br><font size=2 face="sans-serif">(c) Dansguardian to filter inappropriate
sites</font>
<br><font size=2 face="sans-serif">(d) firewall from outside intrusion</font>
<br>
<br><font size=2 face="sans-serif">/etc/squid/squid.conf file is located
here: http://www.990tony.com/olpc/squid.conf</font>
<br><font size=2 face="sans-serif">I removed /etc/httpd/conf.d/squid.conf
and /etc/squid.conf</font>
<br><font size=2 face="sans-serif">Apache is running with just the default
test page. Dansgaurdian not yet installed.</font>
<br>
<br><font size=2 face="sans-serif">On the XS Schoolserver:</font>
<br><font size=2 face="sans-serif">(a) Apache, PHP, MySQL and Moodle</font>
<br><font size=2 face="sans-serif">(b) No squid, or perhaps reverse proxy
(caching Moodle pages?)</font>
<br><font size=2 face="sans-serif">(c) There are also caches for PHP and
MySQL that might improve performance</font>
<br><font size=2 face="sans-serif">(d) Active Antennas. I have one,
msh0 running at 31.07 firmware level as required.</font>
<br>
<br><font size=2 face="sans-serif">From 192.168.0.10 Windows XP, I am able
to SSH over to Squid (192.168.0.29) and from</font>
<br><font size=2 face="sans-serif">there I am able to SSH to Schoolserver
(10.0.0.77). From Windows XP, Firefox can see</font>
<br><font size=2 face="sans-serif">Squid Apache test page, but cannot see
anything on Schoolserver (as it should be).</font>
<br>
<br><font size=2 face="sans-serif">From Squid, I can ping Schoolserver,
and from schoolserver, I can ping Squid</font>
<br><font size=2 face="sans-serif">From the XO, I can ping Schoolserver,
but not Squid. Ping hangs waiting for response.</font>
<br>
<br><font size=2 face="sans-serif">From Squid, I can elinks http://10.0.0.77
and see Apache and Moodle</font>
<br><font size=2 face="sans-serif">From Schoolserver, I can elinks http://192.168.0.29
and see Apache test page</font>
<br>
<br><font size=2 face="sans-serif">From Squid and Schoolserver, I am able
to elinks http://www.990tony.com correctly.</font>
<br><font size=2 face="sans-serif">This is an outside webpage hosted in
Phoenix.</font>
<br>
<br><font size=2 face="sans-serif">The XO gets DHCP assigned to 172.18.11.54
from the Schoolserver, with a gateway</font>
<br><font size=2 face="sans-serif">of 172.18.10.1 which is one on the Schoolserver
defined IP addresses. It is "Channel 1".</font>
<br><font size=2 face="sans-serif">I removed all WEP keys out of my XO's
"networks.cfg" file, and confirmed it is only </font>
<br><font size=2 face="sans-serif">accessing through the mesh network channel
1 only.</font>
<br>
<br><font size=2 face="sans-serif">From the XO, I can launch Browse activity,
from main Google page, I can click on</font>
<br><font size=2 face="sans-serif">Schoolserver, and it launches correctly,
my bilingual index.html, except that my XO</font>
<br><font size=2 face="sans-serif">doesn't show Nepali script, just rectangles
instead. Here is the source:</font>
<br><font size=2 face="sans-serif">http://www.990tony.com/olpc/index.htm</font>
<br>
<br><font size=2 face="sans-serif">I can launch Moodle, and figured out
my formatting issues. When I installed Moodle,</font>
<br><font size=2 face="sans-serif">it hard-coded the 192.168.0.77 into
the /var/www/html/moodle/config.php file. I changed</font>
<br><font size=2 face="sans-serif">this to "schoolserver" and
everything looks great on the XO.</font>
<br>
<br><font size=2 face="sans-serif">However, when I select the "http://olenepal.org"
link, it fails. Any Browse reference </font>
<br><font size=2 face="sans-serif">to Squid or Internet is denied from
XO access. Access to www.990tony.com failed.</font>
<br>
<br><font size=2 face="sans-serif">I have not yet done anything with caching
or dansguardian, but figured I need to get these</font>
<br><font size=2 face="sans-serif">basics done. I would like a "let
everything through" version to make sure everything works</font>
<br><font size=2 face="sans-serif">before are start tightening down the
acl rules.</font>
<br>
<br><font size=2 face="sans-serif">The third box, backup server, would
be the repository of important items from Squid</font>
<br><font size=2 face="sans-serif">and Schoolserver, so that if either
broke, it would be a matter of issuing a script, plugging</font>
<br><font size=2 face="sans-serif">it in the place of the failed server,
and rebooting as the new replacement. I don't know</font>
<br><font size=2 face="sans-serif">how to "backup" the squid
cache contents, and am still trying to figure out what else we</font>
<br><font size=2 face="sans-serif">need to backup from the schoolserver.</font>
<br>
<br><font size=2 face="sans-serif">If you need any more config files, or
want me to capture some logs, or try out some</font>
<br><font size=2 face="sans-serif">commands, please let me know.</font>
<br>
<br><font size=2 face="sans-serif">Thanks<br>
</font>
<table>
<tr>
<td>
<tr>
<td><font size=1><br>
</font>
<table>
<tr>
<td>
<td><font size=1 color=#0060a0 face="Microsoft Sans Serif"><b>Tony Pearson</b></font><font size=1 face="Microsoft Sans Serif"><br>
Senior Storage Consultant, IBM System Storage™<br>
Telephone: +1 520-799-4309 | tie 321-4309 | Cell: +1 520 990-8669<br>
email: tpearson@us.ibm.com | GSA: http://tucgsa.ibm.com/~tpearson<br>
Blog: http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage
AKA: 990tony Paravane, eightbar specialist </font></table>
<br>
<tr>
<td></table>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Adrian Chadd <adrian@squid-cache.org></b>
</font>
<p><font size=1 face="sans-serif">02/17/2008 06:44 PM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">Tony Pearson/Tucson/IBM@IBMUS</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">server-devel@lists.laptop.org, Bryan
Berry <bryan@olenepal.org>, "Greg Smith (gregmsmi)" <gregmsmi@cisco.com>,
sulochan acharya <sulochan@olenepal.org></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [Server-devel] Access denied by
Squid</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2><br>
Fire me through the config sans default comments and i'll give you a<br>
hand.<br>
<br>
<br>
<br>
adrian<br>
<br>
On Sun, Feb 17, 2008, Tony Pearson wrote:<br>
<br>
> However, when I tried to launch olenepal.org (the second link) it
fails. I <br>
> then tried to use the <br>
> link from the schoolserver directly, and it fails with the same message,
<br>
> implying the problem <br>
> is in the squid server.<br>
> <br>
>
ERROR: The requested URL could
not be <br>
> retrieved<br>
>
ERROR<br>
> <br>
> The requested URL could not be retrieved<br>
> <br>
> <br>
> --------------------------------------------------------------------------<br>
> <br>
> While trying to retrieve the URL: http://olenepal.org/<br>
> <br>
> The following error was encountered:<br>
> <br>
> * Access Denied.<br>
> <br>
> Access control configuration prevents your
request from being <br>
> allowed<br>
> at this time. Please contact your service
provider if you feel this <br>
> is<br>
> incorrect.<br>
> <br>
> Your cache administrator is root.<br>
> <br>
> <br>
> --------------------------------------------------------------------------<br>
> <br>
> Generated Sun, 17 Feb 2008 20:23:03 GMT by squid (squid/2.6.STABLE16)<br>
> <br>
> This happens with any website outside schoolserver. Squid
is not <br>
> running in the<br>
> schoolserver, only on the squid machine. I do not yet have dansguardian
<br>
> on the<br>
> squid box, so it should permit all traffic through.<br>
> <br>
> I am at 653 level on my XO, so I will try to update to 656 to see
if that <br>
> helps any,<br>
> but I suspect the problem is not on the XO as much as on the squid
server.<br>
> <br>
> Any ideas?<br>
<br>
<br>
> _______________________________________________<br>
> Server-devel mailing list<br>
> Server-devel@lists.laptop.org<br>
> http://lists.laptop.org/listinfo/server-devel<br>
<br>
</font></tt>
<br>