Problems with ACL and some prefixes

Piotr Teodorowski piotr.teodorowski at contium.pl
Wed Aug 18 11:45:01 CEST 2010


On Wednesday 18 of August 2010 11:31:55 Liaan vd Merewe wrote:
>   Piotr
> According to strict IP rules, you are not allowed to supernet a 192.168.0.0
> range (it's a class C range), so /22 on 192.168.0.0 is prohibited.
> 
> I don't know if that is the cause of your problem, can you maybe test on
> a 10.x.x.x range?

Yes - that's it
It works with range 10.0.0.0/22
Thanks.
Piotr Teodorowski


> 
> cheers
> L:
> 
> On 18/08/2010 11:00 AM, Piotr Teodorowski wrote:
> > Hey,
> >
> > I've noticed some problems with ACLs (which don't work for me for most
> > subnet prefixes)
> >
> > my config:
> > acl prd {
> >      "192.168.0.0"/22;
> >      ! "192.168.1.110";
> > }
> >
> > varnishlog -i VCL_acl,ReqStart
> >     12 ReqStart     c 192.168.0.12 48855 1353135783
> >     12 VCL_acl      c MATCH prd 192.168.0.0/22
> >     12 ReqStart     c 192.168.1.91 52266 1353135784
> >     12 VCL_acl      c NO_MATCH prd
> >
> > acl prd works only for subnet 192.168.0.0/24 not /22
> >
> > if I change my configuration to
> > acl prd {
> >      "192.168.0.0"/24;
> >      "192.168.1.0"/24;
> >      "192.168.2.0"/24;
> >      "192.168.3.0"/24;
> >      ! "192.168.1.110";
> > }
> > it seems to work fine (also it works, if I use prefix /16).
> >
> > I have Varnish from Debian squeeze:
> > varnishd -V
> > varnishd (varnish-2.1.2 SVN b8c9904)
> > Copyright (c) 2006-2009 Linpro AS / Verdens Gang AS
> >
> > Am I doing something wrong?
> >
> > Piotr Teodorowski
> >
> 
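
Added example, not part of the original thread and not Varnish code: a reference evaluator for the ACL quoted in the post, giving the verdicts that CIDR arithmetic predicts so they can be compared with the VCL_acl log lines of a particular varnishd build before the ACL is relied on for access control. It assumes the most specific matching entry decides (an assumption of this example); parse_acl, evaluate and audit are hypothetical names, and the last three client addresses are constructed.

```python
import ipaddress
import re

# The ACL from the post, copied verbatim.
ACL_TEXT = '''
acl prd {
     "192.168.0.0"/22;
     ! "192.168.1.110";
}
'''

# One entry: optional "!", quoted address, optional /prefix, semicolon.
ENTRY = re.compile(r'(!)?\s*"([^"]+)"(?:/(\d+))?\s*;')

def parse_acl(text):
    """Return [(network, negated)] for each entry of a VCL-style acl block."""
    entries = []
    for neg, addr, plen in ENTRY.findall(text):
        ip = ipaddress.ip_address(addr)
        plen = int(plen) if plen else ip.max_prefixlen
        # strict=True raises ValueError if host bits are set, e.g. "192.168.1.0"/22
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=True)
        entries.append((net, bool(neg)))
    return entries

def evaluate(entries, client):
    """Assumed semantics (not taken from Varnish): longest matching prefix decides."""
    ip = ipaddress.ip_address(client)
    hits = [(net, neg) for net, neg in entries
            if net.version == ip.version and ip in net]
    if not hits:
        return "NO_MATCH"
    _, negated = max(hits, key=lambda e: e[0].prefixlen)
    return "NO_MATCH" if negated else "MATCH"

def audit(text, clients):
    """Map each client address to the verdict predicted for the ACL."""
    entries = parse_acl(text)
    return {c: evaluate(entries, c) for c in clients}

if __name__ == "__main__":
    # First two clients appear in the posted varnishlog output; the rest are constructed.
    clients = ["192.168.0.12", "192.168.1.91", "192.168.1.110",
               "192.168.3.255", "192.168.4.1"]
    for client, verdict in audit(ACL_TEXT, clients).items():
        print(f"{client:<15} {verdict}")
```

Running the same client list through varnishlog -i VCL_acl,ReqStart and diffing against this output shows which prefixes a given build evaluates differently.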



