Score:2

squid: Unable to allow 10.10.11.0/24 but 10.10.11.0/23 works


I'm unable to make a working ACL with a CIDR over `/23`
(squid 5.7 on Debian).
For example, I have this config (working):

```
acl servers src 10.10.11.0/23
http_access allow servers
...
http_access deny all
```

Now I change /23 to /24 and my client on 10.10.11.130 gets Forbidden 403.
I have tried 10.10.11.130/32 as well.

There's nothing else named "servers" or similar in the config.

What am I doing wrong?

Logs on /23:

```
TCP_MISS/200
```

Logs on /24:

```
TCP_DENIED/403
```
djdomi:
Have you tried a standard CIDR like /8 or /16? I mean, some weird bug existed that only allowed CIDRs that can be halved by 2 (divided).
mylan:
/8, /9, /10, /12, /16 and /22 all work. Not working: 10.10.11.0/24, 10.10.11.128/25, 10.10.11.128/26 (for example); 10.10.11.130/32 is not working either.
djdomi:
Please edit your question instead of writing in the comment section.
Score:1

I solved it after debugging the connection with tcpdump. Every request was NATed and came from my OpenWrt router, not from the device (10.10.11.130). After disabling NAT for this network the requests came from the real device:

NAT:

```
router > fwproxy 3128
```

No NAT:

```
10.10.10.130 > fwproxy 3128
```
djdomi:
OMG, that's the kind of error where you really dislike your own equipment ;)
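The following is an added example, not code from the question or the answer above, that models Squid's `src` ACL matching with Python's `ipaddress` module to show why the /23 "worked" while /24 did not. It assumes the OpenWrt router's proxy-facing address was in 10.10.10.x (here 10.10.10.1, a constructed value; the thread never states the router's address). The key point: `10.10.11.0/23` is not a network address, so after the mask is applied it is the network `10.10.10.0/23`, which spans 10.10.10.0 to 10.10.11.255 and therefore happens to include a router in 10.10.10.x; `10.10.11.0/24` does not. The constructed config fragments are modelled on the one in the question; the "opposite of the last rule" default is Squid's documented behaviour.

```python
"""Model of Squid 'acl ... src' + 'http_access' evaluation (added example).

Assumptions (not from the thread): the router NATs the client behind
ROUTER_IP = 10.10.10.1; the config fragments below are constructed.
"""
import ipaddress

CLIENT_IP = "10.10.11.130"   # the real client from the question
ROUTER_IP = "10.10.10.1"     # assumed proxy-facing address of the OpenWrt router

# Constructed squid.conf fragments modelled on the question's config.
CONF_23 = """
acl servers src 10.10.11.0/23
http_access allow servers
http_access deny all
"""
CONF_24 = CONF_23.replace("10.10.11.0/23", "10.10.11.0/24")


def parse_src_acls(conf):
    """Collect 'acl NAME src CIDR...' lines into {name: [ip_network, ...]}.

    strict=False applies the mask the way Squid does, so a non-canonical
    entry such as 10.10.11.0/23 becomes the network 10.10.10.0/23.
    A bare address without a prefix length is treated as a /32 host.
    """
    acls = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            nets = acls.setdefault(parts[1], [])
            for token in parts[3:]:
                if "/" not in token:
                    token += "/32"
                nets.append(ipaddress.ip_network(token, strict=False))
    return acls


def parse_http_access(conf):
    """Return [(action, [acl names...]), ...] in configuration order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules


def decide(conf, source_ip):
    """Evaluate http_access for a request whose TCP source is source_ip.

    Squid semantics modelled here: every ACL on a line must match (AND),
    '!' negates an ACL, 'all' always matches, the first matching line wins,
    and when nothing matches the default is the opposite of the last line
    (allow when there are no lines at all).
    """
    acls = parse_src_acls(conf)
    addr = ipaddress.ip_address(source_ip)
    rules = parse_http_access(conf)

    def acl_matches(name):
        negate = name.startswith("!")
        name = name.lstrip("!")
        hit = name == "all" or any(addr in net for net in acls.get(name, []))
        return hit != negate

    for action, names in rules:
        if all(acl_matches(n) for n in names):
            return action
    if not rules:
        return "allow"
    return "deny" if rules[-1][0] == "allow" else "allow"


def nat_comparison():
    """Outcome for each mask, with and without NAT in front of the proxy."""
    return {
        "/23 no NAT (client)": decide(CONF_23, CLIENT_IP),
        "/23 NAT (router)":    decide(CONF_23, ROUTER_IP),
        "/24 no NAT (client)": decide(CONF_24, CLIENT_IP),
        "/24 NAT (router)":    decide(CONF_24, ROUTER_IP),
    }


if __name__ == "__main__":
    print("10.10.11.0/23 normalises to", parse_src_acls(CONF_23)["servers"][0])
    for case, verdict in nat_comparison().items():
        print(f"{case:22s} -> {verdict}")
```

Run it and the /23 row allows both the client and the (assumed) router address, while the /24 row allows the client but denies the router, which is exactly the TCP_MISS/200 versus TCP_DENIED/403 split in the question once you know the proxy was seeing the router's address. In practice the check that settles this is the one the answer used: compare the source address in `tcpdump` (or in `access.log`, whose first field after the timestamp is the client IP Squid matched against) with what the ACL expects, before suspecting the CIDR parsing.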