> ----------
> From: Cesar Brod[SMTP:cesar@univates.br]
> Sent: Montag, 26. Oktober 1998 20:57
> To: squid-users@ircache.net
> Cc: fabio@fates.tche.br; Cesar Brod; sbrod@bewnet.com.br
> Subject: Same Proxy, two different networks
>
> Hello Squid-Users
>
[snip]
> The way we think would be best is to have all users' browsers configured to
> use the same proxy, and then route requests to the two different networks
> depending on the user's IP. It means an internal user will get to the
> proxy, and if the page requested is not cached the request will be
> directed to the Universities network. Likewise, an external user will have
> its browser configured to use the same proxy, but its requests will be
> routed to the Embratel network.
>
> We are asking these questions after a lot of research and not finding any
> easy answer -- if there is such a thing -- and any new information is
> extremely welcome.
>
Hi Cesar,

we do a similar thing at the site here. There are two different internet
connections, and an intranet. Some users may go to the internet, and
everybody may use the intranet. The internet users will be accounted. Ah,
I forgot to mention the firewall(s).

So I set up two parents for the internet. For practical reasons I set up
several internal machines in the intranet which handle the customer load,
i.e. the Mozilla browsers connect to those machines directly.

On each internal machine there run two instances of Squid. One instance
has direct connection to the intranet only, and the other forwards _each_
request to one of the intranet or the internet servers. This latter server
instance that can handle everything allows only users that have a valid
account (username/password) to connect, whereas the other is for everybody
that has access to the intranet.

The browsers connecting to the internal machines are driven by an auto
proxy scheme that works roughly like

    if you would like to connect to the internet
        connect to the internet instance
    else
        if your own ip-address is already in the intranet
            connect directly
        else
            connect through the firewall via the intranet instance

There are many details on weirdnesses that are handled by this scheme,
such as non-RFC 1918 addresses, internet and intranet domain name
collisions (run by several departments) etc.

Maybe this gives you some more ideas

jordan
Received on Tue Oct 27 1998 - 00:54:27 MST
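
The auto-proxy decision sketched in the reply above, written out as a PAC-style script. This is an added example, not code from the original message: the proxy host, ports and intranet ranges are constructed placeholders, and sending an unresolvable destination to the authenticated instance is an assumption.

```javascript
// Added example, not from the original message. Proxy host, ports and
// intranet ranges below are constructed placeholders (assumptions).
var INTERNET_INSTANCE = "PROXY squid1.intranet.example:3128"; // needs username/password
var INTRANET_INSTANCE = "PROXY squid1.intranet.example:3129"; // open to intranet users
var INTRANET_NETS = [["10.0.0.0", 8], ["192.168.0.0", 16]];

// Dotted-quad IPv4 to unsigned integer; null if missing or malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// True only when ip parses and falls inside one of the listed intranet ranges.
function inIntranet(ip) {
  var addr = ipToInt(ip);
  if (addr === null) return false;
  for (var i = 0; i < INTRANET_NETS.length; i++) {
    var size = Math.pow(2, 32 - INTRANET_NETS[i][1]);
    var net = ipToInt(INTRANET_NETS[i][0]);
    if (Math.floor(addr / size) === Math.floor(net / size)) return true;
  }
  return false;
}

// destIp: resolved address of the requested host (null if it did not resolve).
// clientIp: the browser's own address.
function chooseProxy(destIp, clientIp) {
  // Internet-bound or unknown destination: only the authenticated instance.
  if (!inIntranet(destIp)) return INTERNET_INSTANCE;
  // Intranet destination from an intranet client: no proxy needed.
  if (inIntranet(clientIp)) return "DIRECT";
  // Intranet destination from outside: through the firewall via the intranet instance.
  return INTRANET_INSTANCE;
}

// PAC entry point; dnsResolve() and myIpAddress() come from the browser's PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(dnsResolve(host), myIpAddress());
}
```

Because a destination that fails to resolve or parse is treated as not intranet, it is never sent DIRECT or through the unauthenticated instance.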