Re: [squid-users] transparent proxy forward to authenticating proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 05 Mar 2003 21:54:07 +0100

Wed 2003-03-05 at 16:42, Josh Kuperman wrote:

> 1. Just use the Linksys wifi cable DSL routers to provide access on
> the wireless network and stick a tiny linux box with two nics
> running squid to transparently proxy and use my big squid as a
> parent. Added advantage they are completely excluded from anything
> on the inside network that is not secured.

This one looks like the best alternative. Or to have the public access
routers on a separate network where all traffic is routed to "the big
Squid" server, which has a small firewall ruleset which intercepts port 80
to Squid and blocks most else, perhaps on a separate interface for
simplicity.

> 2. Discover settings in recent linksys cable routers so I could
> automatically port forward the requests to the big squid. In effect
> achieving automatically setting the proxy through the dsl/cable
> router, without it being a transparent proxy.

This might be possible, but you still have to worry about whatever
other equipment is on the same network which should not be reachable by
public access, and it also won't work for some older applications (not
likely to be a big issue however).

> I can't make the big squid transparent because it is accessible to
> staff (authenticated users) from outside.

The two functions do not collide.

> I have endless older computers that can run Red Hat and squid but don't
> have any processing power. I have a linksys wireless dsl/cable router.
> I don't care to restrict our wireless users or to force them to
> authenticate, though I suspect if it gets out of hand, I need to keep
> those options open.

Based on your task description (public library with a mandate to provide
wireless web access to whoever walks in) I don't think authentication is
viable. Also it won't really solve any of your problems.

Authentication is good if you need good traceability in who did what
when.

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Wed Mar 05 2003 - 13:54:20 MST
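
The firewall layout suggested in the reply above (public-access network on its own interface of the big Squid server, port 80 intercepted to Squid, most else blocked), sketched as an added example that is not part of the original message. The interface name, the intercept port and the DNS exception are assumptions, and Squid itself still needs a listener configured for intercepted traffic on that port.

```shell
#!/bin/sh
# Added example, not from the original post. Prints an iptables-restore
# ruleset for a Squid host whose public-access network is on its own interface.
# Assumed (constructed) values: interface name, intercept port, DNS exception.
# Usage: gen_public_ruleset eth1 3129 | iptables-restore --test

gen_public_ruleset() {
    pub_if=$1      # interface facing the public wireless routers
    squid_port=$2  # Squid listener for intercepted traffic, assumed to be
                   # separate from the port authenticated staff connect to

    # Refuse values that could smuggle extra rules into the output.
    case $pub_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $pub_if" >&2; return 1 ;;
    esac
    case $squid_port in
        ''|*[!0-9]*) echo "bad port: $squid_port" >&2; return 1 ;;
    esac
    if [ "$squid_port" -lt 1 ] || [ "$squid_port" -gt 65535 ]; then
        echo "port out of range: $squid_port" >&2; return 1
    fi

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Intercept port 80 from the public interface to Squid.
-A PREROUTING -i $pub_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $pub_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# After REDIRECT the request arrives locally on the Squid port.
-A INPUT -i $pub_if -p tcp --dport $squid_port -j ACCEPT
# Block everything else aimed at this host from the public side.
-A INPUT -i $pub_if -j DROP
# Assumption: DNS lookups are the one thing still routed onward.
-A FORWARD -i $pub_if -p udp --dport 53 -j ACCEPT
# Nothing else from the public side is routed anywhere.
-A FORWARD -i $pub_if -j DROP
COMMIT
EOF
}
```

The output is a complete ruleset for the nat and filter tables, so on a host that already has firewall rules it should be merged into them rather than loaded as-is.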
