Уважаемые гуру, нужна ваша помощь!
Есть сети:
10.37.75.0/24 - сеть, где стоит SQUID
10.37.46.0/24 -сеть филиалов
10.37.68.0/24 -сеть филиалов
10.37.76.0/24 -сеть филиалов
Сети объединены через IPsec-туннели на CISCO, между подсетями все порты открыты, и они хорошо видят друг друга.
SQUID настроен и нормально работает в своей подсети 10.37.75.0, авторизация доменная, но из других подсетей он не работает.
Пробовал авторизацию по IP — всё равно в своей подсети работает, а из других подсетей нет.
В логе пишет :
1366606961.977 25 10.37.68.3 TCP_DENIED/407 4024 GET
http://www.ya.ru/ - NONE/- text/html
1366606984.077 277 10.37.68.3 TCP_DENIED/407 4740 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html
1366606994.421 20 10.37.68.3 TCP_DENIED/407 3975 GET
http://google.ru/ - NONE/- text/html
Не пойму, в чём проблема: думал, что из-за авторизации, сделал по IP — такая же ситуация.
Конфиг SQUID:
# --- Authentication schemes -------------------------------------------------
# Two schemes are offered to clients, NTLM and Basic, both backed by the
# ntlm_auth helper.
# NOTE(review): a TCP_DENIED/407 log entry with "-" in the user field means the
# request reached Squid and was answered with an authentication challenge. If
# no later entry for the same client carries a user name, the client never
# completed authentication; check cache.log for helper errors and check whether
# the branch clients send credentials at all.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on
# NOTE(review): Basic sends the password base64-encoded, not encrypted, between
# client and proxy. Offer it only if some clients cannot do NTLM.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 30
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# NOTE(review): FK is defined but not referenced by any http_access rule below.
acl FK proxy_auth REQUIRED
# Branch subnets. The proxy's own subnet 10.37.75.0/24 is not listed.
# NOTE(review): localnet is used only by tcp_outgoing_address further down.
# No http_access rule references it, so this configuration grants nothing by
# source address and every client still has to authenticate.
acl localnet src 10.37.46.0/24
acl localnet src 10.37.68.0/24
acl localnet src 10.37.76.0/24
# --- Domain-group ACLs ------------------------------------------------------
# %LOGIN makes these external ACLs depend on an authenticated user name, so
# evaluating any of them for an unauthenticated request triggers the 407
# challenge.
external_acl_type gr_it %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
acl inet_it external gr_it FK\\it
external_acl_type gr_oik %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
# NOTE(review): the space inside "FK\\ imanagers" splits the value into two
# tokens. It looks like a typo or paste artifact; confirm the group name.
acl inet_kmoik external gr_oik FK\\ imanagers
external_acl_type gr_ogk %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
acl inet_kmogk external gr_ogk FK\\grmanagers
# --- URL blocklists (case-insensitive regex lists loaded from files) --------
acl banner url_regex -i "/usr/local/etc/squid/db/banner" #banners
acl porn url_regex -i "/usr/local/etc/squid/db/porn" #porn
acl games url_regex -i "/usr/local/etc/squid/db/games" #games
acl prox url_regex -i "/usr/local/etc/squid/db/prox" #proxy
acl forum url_regex -i "/usr/local/etc/squid/db/forum" #forums
acl ru url_regex -i "/usr/local/etc/squid/db/ru"
acl media url_regex -i "/usr/local/etc/squid/db/media"
# --- Reply-content ACLs -----------------------------------------------------
# Each MIME type appears twice, unanchored and anchored (^...$). The unanchored
# pattern already matches everything the anchored one does.
acl audio-video rep_mime_type audio/mpeg
acl audio-video rep_mime_type ^audio/mpeg$
acl audio-video rep_mime_type video/mpeg
acl audio-video rep_mime_type ^video/mpeg$
acl audio-video rep_mime_type video/quicktime
acl audio-video rep_mime_type ^video/quicktime$
acl audio-video rep_mime_type video/x-msvideo
acl audio-video rep_mime_type ^video/x-msvideo$
# NOTE(review): "mp?$" matches any Content-Type ending in "m" or "mp", which is
# probably not the intended pattern. Confirm.
acl streams rep_header Content-Type -i mp?$
acl streams rep_header Content-Type -i ^video/x-mp4$
acl streams rep_header Content-Type -i ^video/mp4$
acl swf rep_mime_type -i ^application/x-shockwave-flash$
# --- Standard ACLs ----------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# --- Access rules (first match wins) ----------------------------------------
# NOTE(review): audio-video, streams and swf test reply headers. The Squid
# documentation says rep_mime_type has no effect in http_access, and rep_header
# is likewise a reply-time check, so these three rules probably never block
# anything here. Reply filtering belongs in http_reply_access.
http_access deny audio-video
http_access deny streams
http_access deny swf
http_access deny ru
http_access deny media
http_access deny porn
http_access deny banner
http_access deny prox
http_access deny forum
http_access allow manager localhost
# The first rules that need a user name. Unauthenticated requests are answered
# with 407 here.
# NOTE(review): these allows come before "deny manager", "deny !Safe_ports" and
# "deny CONNECT !SSL_ports", so authenticated members of these groups bypass
# the cache-manager, port and CONNECT restrictions. Squid's default ordering
# puts those deny rules ahead of any allow.
http_access allow inet_it
http_access allow inet_kmoik
http_access allow inet_kmogk
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# Everything not allowed above is refused, including any client that is
# expected to be admitted by IP address alone.
http_access deny all
# --- Listener, cache and logging --------------------------------------------
http_port 3128
# The only place localnet is used: it selects the outgoing address for requests
# coming from the branch subnets.
tcp_outgoing_address 0.0.0.0 localnet
cache_mem 100 MB
cache_dir ufs /var/squid/cache 100 16 256
access_log /var/log/squid/stat/access.log squid
logfile_rotate 10
coredump_dir /var/squid/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
error_directory /usr/local/etc/squid/errors/ru
# --- Name resolution --------------------------------------------------------
dns_children 30
# NOTE(review): unqualified names get ".fk.local" appended, but lookups go to
# the two resolvers listed here. Confirm they can answer for that internal zone.
dns_nameservers 213.145.129.19 213.145.129.20
hosts_file /etc/hosts
append_domain .fk.local