RE: [squid-users] Setting up two NICs with Squid/DANSGuardian

From: Mike Marchywka <marchywka_at_hotmail.com>
Date: Mon, 14 Dec 2009 09:00:31 -0500

----------------------------------------
> Date: Mon, 14 Dec 2009 14:47:06 +0100
> From:
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Setting up two NICs with Squid/DANSGuardian
>
> Hi list,
>
> I have the following setup:
>
> Debian 5.0/Kernel 2.6.26-2-486
>
> Squid3 Stable 19
>
> Squid.conf excerpts
>
> http_port 127.0.0.1:3128
>
> acl DANS src 127.0.0.1
> http_access allow DANS
>
> *********************************************
>
> Dansguardian 2.9.9.4
>
> Dansguardian.conf excerpts
>
> filterip = 172.16.10.214
> filterport = 8080
>
> proxyip = 127.0.0.1
> proxyport = 3128
>
> *********************************************
>
> ifconfig output
>
> eth0 Link encap:Ethernet inet address:172.16.10.214
> eth1 Link encap:Ethernet inet address:172.16.10.225
>
> *********************************************
>
> Proxying is done explicitly. Currently the users connect to 172.16.10.214:8080. I want to change the setup to make users connect to 214:8080 which passes the connection 225:????.
> Diagram:
>
> Currently:
>
> user --> eth0 (214:8080) --> DG --> Squid --> WAN
>
> Desired:
>
> user --> eth0 (214:8080) --> DG --> Squid --> eth1 (225:????) --> WAN
>
> The whole point of doing this is to have two different mac adresses/ports which can be used for vlan tagging.
>
> How do i do that?
> Using iptables?
> - Could you give me the rules for that?
> Using a bridge?
> - How do i set it up?
> Another possibility?
> Please give me some solutions.

I'm trying to do something along  similar lines  but I'm not sure this relates to squid too well. AFAIK, "ip" is supposed to
replace some obsolete things ( based on googling earlier this morning). I've got a debian
machine that I want to use to isolate my other machines in my office. The debian uses ndiswrapper
that supports wlan0 that I want to be the only connection the the wireless router that attaches to our cable modem. The other
machines in my office use a wired connection a router attached to eth0. I'd like to insert squid as a proxy
for http traffic to reduce redundant content and DNS lookups but also need to know how to configure the
interface usage. But, presumably I'd use lower level tools for looking for spurious or malware related traffic.

>
>
> D. K.
> --
> IT-PARTNER - Martin U. Haneke
> Fichtestraße 26
> 10967 Berlin
> Tel: +49(30)200055-0
> Tel: +49(30)200055-39
                                               
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/171222986/direct/01/
Received on Mon Dec 14 2009 - 14:02:20 MST

This archive was generated by hypermail 2.2.0 : Mon Dec 14 2009 - 12:00:02 MST