Re: [squid-users] Problems forcing mandatory proxy use.

From: Richard Chapman <rchapman_at_aardvark.com.au>
Date: Wed, 14 Jan 2009 10:45:59 +0900

Thanks Matthew

The network has evolved from NAT without squid to NAT+squid - so I
hadn't thought about eliminating NAT altogether. Do you have much
experience with "squid only" networks? Will squid handle all the "other
stuff" well, e.g. IM, BitTorrent, etc.? Indeed - can these applications be
persuaded to direct traffic through the proxy anyway? Are there any
other considerations before turning off NAT?

Thanks again

Richard.

matthew jones wrote:
> Is there any need to use NAT? You could simply forward all data to the
> squid by setting its IP address as the DMZ server in the WAN setup
> page, which would send all incoming DSL data to the IP address.
>
> If it's a tight network you're after, you should think about having the
> squid dual homed, one connecting to the router/firewall and the other
> to your network, thus forcing all data to pass through the proxy. Also
> the proxy may be proxying data on more ports than 80, such as https on
> port 4** etc.
>
> I have a DG834G too but haven't tried the above as I use NAT and not a
> proxy at home.
>
> matt.
>
> Richard Chapman wrote:
>> I have squid operating well on a small NAT network. Currently - all
>> clients select "automatic proxy detection" and that is all working
>> correctly with proxy.pac script on the http server.
>> I wanted to ensure that the proxy is handling ALL http traffic ALL of
>> the time - so I can be confident of the statistics generated by sarg
>> (squid analysis and report generator).
>>
>> I thought this should be easy. I have a netgear DG834G router acting
>> as the internet DSL connection. I added 2 outgoing firewall rules in
>> the DG834G:
>> 1) allow all outgoing traffic from the squid server's local IP.
>> 2) Block port 80 traffic from all (other) local ip addresses.
>>
>> When I apply these 2 rules - the network experiences erratic internet
>> access. Some sites work some of the time - but not everything works
>> correctly. I have tried disabling the above rules - then enabling
>> just rule 1 - and even then the network behaves erratically. Note
>> that rule 1 is an "allow" rule. But as soon as I disable both rules -
>> everything returns to normal.
>>
>> This seems very weird to me. Can anyone suggest some subtlety I am
>> overlooking?
>> I have checked the netgear knowledge base and there are no glaring
>> bugs reported related to this behaviour. I have updated to the latest
>> netgear firmware. I can only assume the DG834 is not behaving as
>> expected. Can anyone see another explanation?
>>
>> In case it is relevant - the linux box is performing squid, dns,
>> dhcp, http and lots of other stuff but the dg834 is performing NAT
>> (and only NAT).
>>
>> Thanks
>>
>> Richard.
>>
>>
>>
>>
>
Received on Wed Jan 14 2009 - 01:46:48 MST
