frech wrote:
> Hi Amos,
> thanks again ;-)
>
> OK, just to make it really clear (sorry about my bad English!!!) I try to
> make a small illustration:
>
> workgroup connected by
>
> workstation1)
> workstation2|
> |---network-HUB--eth1-{ Squid-Server
> }-eth0---SWITCH------------------------Firewall-WWW
> workstation3| (192.168.3.0)
> (192.168.1.0) Port 8080<----|
> dataserver )
>
> There is NO router in the network of my workgroup. But the squid has to act
> as something like a router.
> Is this how you expected?
>
Ah, something happened to your diagram, but I managed to decipher it.

Yes, that's one of the regular setups. Better than the one I was thinking
of earlier. You can ignore the policy routing and NAT stuff entirely to
start with that setup.

The Squid box in that setup _is_ a router.

From an empty setup:

* assign the IPs to squid interfaces. (This alone sets up most of the
  routing properly in Squid box.)

* add default route to Squid box (if missing, check first):
    route add default gw 192.168.1.1 dev eth0

* Turn on the IP forwarding settings in Squid box sysctl.conf.

* add route to firewall to gw net-3 through the squid box:
    route add 192.168.3.0/24 gw 192.168.1.2 dev eth*

* run whatever ping tests you can to check that traffic from
  192.168.3.* workstations can get to the places they need to.

That's it for routing.

Normal Squid config we already covered.

Now set up the 192.168.3.* boxes to use the proxy instead of going direct
to the Internet for web stuff.

Simple. Done.

NP: It's also a good idea to set up the firewall on the Squid box and
consider it an extra layer of protection for both subnets from bad
action in the other subnet.

Amos
-- 
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.10 or 3.1.0.11

Received on Tue Jul 21 2009 - 06:51:44 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 21 2009 - 12:00:03 MDT
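
Added example, not part of the original message: a small shell check of the state the routing steps in the reply should leave on the Squid box (default route via 192.168.1.1 on eth0, a connected route for 192.168.3.0/24, IP forwarding on). The function names and the sample routing table are constructed for illustration; the sample assumes eth1 is the interface on 192.168.3.0/24.

```shell
#!/bin/sh
# Added example: check the routing state the steps above should leave on the
# Squid box. Paths are arguments so the constructed sample can be checked
# offline; on the real box pass /proc/net/route and /proc/sys/net/ipv4/ip_forward.

# /proc/net/route stores addresses as little-endian hex; print a dotted quad.
hex_to_ip() {
    b4=$(printf '%s' "$1" | cut -c1-2); b3=$(printf '%s' "$1" | cut -c3-4)
    b2=$(printf '%s' "$1" | cut -c5-6); b1=$(printf '%s' "$1" | cut -c7-8)
    echo "$((0x$b1)).$((0x$b2)).$((0x$b3)).$((0x$b4))"
}

# Print "gateway iface" for the default route (destination and mask 0), if any.
default_route() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { print $3, $1; exit }' "$1" |
    while read -r gw ifc; do echo "$(hex_to_ip "$gw") $ifc"; done
}

# Print the interface with a directly connected route to NET_HEX / MASK_HEX.
connected_iface() {
    awk -v n="$2" -v m="$3" \
        'NR > 1 && $2 == n && $8 == m && $3 == "00000000" { print $1; exit }' "$1"
}

# Return 0 only if every checklist item holds; print one line per failure.
check_squid_router() {
    rc=0
    [ "$(default_route "$1")" = "192.168.1.1 eth0" ] ||
        { echo "FAIL: default route is not 192.168.1.1 via eth0"; rc=1; }
    [ -n "$(connected_iface "$1" 0003A8C0 00FFFFFF)" ] ||
        { echo "FAIL: no connected route for 192.168.3.0/24"; rc=1; }
    [ "$(cat "$2")" = "1" ] ||
        { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    return $rc
}

# Constructed sample data (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/route" <<'EOF'
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0003A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0
EOF
echo 1 > "$demo_dir/ip_forward"
check_squid_router "$demo_dir/route" "$demo_dir/ip_forward" && echo "routing OK"
```

The check only covers the Squid box; the return route for 192.168.3.0/24 on the firewall still has to be confirmed with the ping tests from the workstations.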