Re: [squid-users] Using squid with two connections to different WANs

From: Joe Cooper <joe@dont-contact.us>
Date: Thu, 10 Jan 2002 06:07:52 -0600

Peter Robinson wrote:

> Hi Guys,
>
> I have an interesting one for you. Not sure if it's possible or not. I need
> to run squid for a network that needs access to two different networks
> through the proxy server. One is an extranet of one of our suppliers, and
> the other is a standard internet connection. We currently have access to
> the supplier's network through a standard ppp dialup connection that acts
> just like an internet connection. The server establishes a PPP connection,
> assigns IPs and DNS and then you browse through a standard internet
> connection to a URL using a standard domain name (that isn't available via
> the internet but is real and registered to the supplier) just as if on a
> small internet. Fairly simple. But I need to be able to tell squid (using
> access lists or something) to use this interface (say ppp0) for all urls
> based on domainx.com and send everything else via the default route (say
> eth1 - DSL connection). The clients are on 4 different Networks all
> connected via either ISDN or Frame Relay - but this doesn't matter as they
> all have access to the squid proxy anyway. Squid works just fine if
> configured for either connection alone. So I can use squid for allowing
> multiple people to access just the extranet or just the internet but
> haven't succeeded for both.
>
> Weird hey. Any ideas?? Any questions??

Not weird at all Peter, and far easier than some of the multi-route
configurations that have been discussed here in the past (like
satellite-downlink, plus land uplink/downlink, with splitting based on
source IP and/or type of service etc.).

The fun part about your configuration (or boring, depending on whether a
simple solution is fun for you) is that Squid doesn't even need to know
about your different networks. Your problem is why route tables exist.

Add a static route something like this, if using Linux:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254

Where 192.168.1.0 is the non-internet network you need to reach--if it
is just a single host, you can leave off the netmask and -net parts.
192.168.1.254 will be the gateway router that is given to your PPP link
when it connects (check ifconfig if you don't know what the gateway IP
for the ppp device is).

Make sure the PPP link isn't automatically configuring that link as your
primary internet gateway, though. That would lead to another set of
problems...but is easily remedied by correcting the default gateway.
('man route' will be helpful here.)

This method of choosing the route is a lot simpler than convincing Squid
to choose interfaces--and it works for all traffic of all types, not
just web traffic.

Good luck. And beware that the Linux route command has a somewhat
different syntax than BSD-like Unices, if you're using something other
than Linux. Check with your system documentation before embarking on
route changes. Either way, route can be confusing so read up, and don't
be afraid to experiment.

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support
Received on Thu Jan 10 2002 - 05:06:52 MST
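
Added example, not part of the original message: a small check over `route -n` output for the two conditions the reply describes, namely that the supplier network is routed over the PPP link and that the PPP link has not become the default gateway. The function name `check_routes`, the 10.0.0.x addresses and both sample tables are constructed for illustration; ppp0, eth1 and 192.168.1.x are taken from the thread.

```shell
#!/bin/sh
# check_routes NET MASK PPP_IF   (reads `route -n` text on stdin)
# Prints one line per problem. Exit status is 0 only when:
#   1. a route for NET/MASK exists on PPP_IF, and
#   2. a default route exists and is not on PPP_IF.
check_routes() {
    awk -v net="$1" -v mask="$2" -v ppp="$3" '
        BEGIN { bad = 0; have_extranet = 0; have_default = 0 }
        $1 == net && $3 == mask && $8 == ppp { have_extranet = 1 }
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            have_default = 1
            if ($8 == ppp) { print "default route is on " ppp " (gw " $2 ")"; bad = 1 }
        }
        END {
            if (!have_extranet) { print "no route for " net "/" mask " on " ppp; bad = 1 }
            if (!have_default)  { print "no default route"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the intended state (extranet via ppp0, default via eth1).
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.254   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     192.168.1.254   255.255.255.0   UG    0      0        0 ppp0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth1'

# Constructed sample: the PPP link has taken over the default gateway.
HIJACKED_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.254   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     192.168.1.254   255.255.255.0   UG    0      0        0 ppp0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 ppp0'

# Demo on the constructed tables.
printf '%s\n' "$GOOD_TABLE" | check_routes 192.168.1.0 255.255.255.0 ppp0 \
    && echo "good table: OK"
printf '%s\n' "$HIJACKED_TABLE" | check_routes 192.168.1.0 255.255.255.0 ppp0 \
    || echo "hijacked table: needs fixing"
```

On a live Linux host the same function can read the real table: `route -n | check_routes 192.168.1.0 255.255.255.0 ppp0`.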