Re: [squid-users] How to set up squid?

From: Yan Seiner <yan_at_seiner.com>
Date: Fri, 29 May 2009 15:48:07 -0700

Amos Jeffries wrote:
> Yan Seiner wrote:
>> I have a question about setting up squid in my environment.
>>
>> My network is fairly generic:
>>
>> a firewall running openwrt, 4 mb flash and 8 mb ram, providing NAT
>> a server providing DNS and DHCP services; this machine is also used
>> for terminal services so users are logged in to this machine directly
>> assorted clients
>>
>> I've had squid set up on an 'opt-in' basis. Now I have a request to
>> make it transparent for all users with the intent of disabling web
>> access during specified hours.
>>
>> The problem I have is that my firewall is not able to run squid, and
>> all the examples assume that the squid box is either the firewall or
>> provides NAT.
>>
>> Is it possible, without a huge amount of complications, to run squid
>> on this sort of setup?
>>
>> If so, does anyone have a recipe for doing so?
>>
>
> Squid box had best be the one doing NAT because all source info is
> lost during NAT interception and Squid needs to look it up. Note I
> wrote "NAT interception", that's a more correct name for "transparent".
>
> Squid does not have to be on the firewall or router to do NAT though:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
> the tutorial ironically was written for people using OpenWRT :)
>
> Amos
Hi Amos:

Obviously I got something just half right:

    The requested URL could not be retrieved

------------------------------------------------------------------------

While trying to retrieve the URL:
http://arstechnica.com/tech-policy/news/2009/05/landmark-study-drm-truly-does-make-pirates-out-of-us-all.ars

The following error was encountered:

    Unable to determine IP address from host name for /arstechnica.com/

The dnsserver returned:

    Server Failure: The name server was unable to process this query.

This means that:

 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.

Your cache administrator is webmaster <mailto:webmaster>.

------------------------------------------------------------------------
Generated Fri, 29 May 2009 18:53:43 GMT by www.seiner.com
(squid/2.7.STABLE3)

I've configured this as best as I can following

http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
on the firewall/router
and
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect on
the squid box.

As soon as I enable the iptablesPolicyRoute on the fw my DNS fails....

I can't figure out why.... Those rules should only affect tcp packets to
port 80.

Does anyone have this setup working? Could they please send me some
instructions for morons?
Received on Fri May 29 2009 - 22:48:28 MDT
