Re: [squid-users] Setting up two NICs with Squid/DANSGuardian

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 15 Dec 2009 10:26:47 +1300

On Mon, 14 Dec 2009 14:47:06 +0100, <david.kauffmann_at_it-partner.de> wrote:
> Hi list,
>
> I have the following setup:
>
> Debian 5.0/Kernel 2.6.26-2-486
>
> Squid3 Stable 19
>
> Squid.conf excerpts
>
> http_port 127.0.0.1:3128
>
> acl DANS src 127.0.0.1
> http_access allow DANS
>
> *********************************************
>
> Dansguardian 2.9.9.4
>
> Dansguardian.conf excerpts
>
> filterip = 172.16.10.214
> filterport = 8080
>
> proxyip = 127.0.0.1
> proxyport = 3128
>
> *********************************************
>
> ifconfig output
>
> eth0 Link encap:Ethernet inet address:172.16.10.214
> eth1 Link encap:Ethernet inet address:172.16.10.225
>
> *********************************************
>
> Proxying is done explicitly. Currently the users connect to
> 172.16.10.214:8080. I want to change the setup to make users connect to
> 214:8080 which passes the connection to 225:????.
> Diagram:
>
> Currently:
>
> user --> eth0 (214:8080) --> DG --> Squid --> WAN
>
> Desired:
>
> user --> eth0 (214:8080) --> DG --> Squid --> eth1 (225:????) --> WAN
>
> The whole point of doing this is to have two different mac addresses/ports
> which can be used for vlan tagging.

How exactly is that tagging done? If you use IP-level TOS marks Squid can
add them itself with the tcp_outgoing_tos directive.

>
> How do i do that?
> Using iptables?
> - Could you give me the rules for that?
> Using a bridge?
> - How do i set it up?

Both of the above are possibilities, however to do it that way you start
by discarding Squid and DG from the software chain. So if you want to go
that way this is not the place to look for help, there are basic router
configurations available elsewhere online.

> Another possibility?
> Please give me some solutions.

If I understand correctly you are wanting a simple case of: all traffic
to go out via address *.225.

squid.conf:
  tcp_outgoing_address 172.16.10.225

That will pass everything out of squid with the specified IP address. It's
up to the OS to route it from there.

There is a catch if you want to receive traffic on multiple interfaces and
direct them to individual outgoing IPs though. DG becomes a serious problem
as it erases the source IP information.

Amos
Received on Mon Dec 14 2009 - 21:26:51 MST
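
Added example, not part of the original message or of Squid/DansGuardian: a loopback model of the chain discussed above, showing that binding the upstream socket before connect() (the effect of tcp_outgoing_address) fixes the address the origin sees, while a filter in front of the proxy hides the user's address from the proxy's `src` ACLs and logs. It assumes a Linux host where all of 127.0.0.0/8 is local; 127.0.0.2 (user), 127.0.0.3 (standing in for 172.16.10.225) and the name `trace_chain` are constructed for the illustration.

```python
import socket
import threading

def trace_chain(client_ip, outgoing_ip, via_filter=True):
    """Return (source IP the proxy sees, source IP the origin sees)."""
    seen = {}
    origin = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    content_filter = socket.create_server(("127.0.0.1", 0))
    for s in (origin, proxy, content_filter):
        s.settimeout(5)

    def run_origin():
        conn, addr = origin.accept()
        seen["origin"] = addr[0]
        conn.close()

    def run_proxy():
        conn, addr = proxy.accept()
        seen["proxy"] = addr[0]  # what a `src` ACL or access log would record
        # bind() before connect(): the effect tcp_outgoing_address has
        up = socket.create_connection(origin.getsockname(), timeout=5,
                                      source_address=(outgoing_ip, 0))
        up.close()
        conn.close()

    def run_filter():
        conn, _ = content_filter.accept()
        # A fresh TCP connection made from the filter's own loopback address
        up = socket.create_connection(proxy.getsockname(), timeout=5)
        up.close()
        conn.close()

    workers = [run_origin, run_proxy] + ([run_filter] if via_filter else [])
    threads = [threading.Thread(target=w) for w in workers]
    for t in threads:
        t.start()
    entry = content_filter if via_filter else proxy
    client = socket.create_connection(entry.getsockname(), timeout=5,
                                      source_address=(client_ip, 0))
    for t in threads:
        t.join()
    for s in (client, origin, proxy, content_filter):
        s.close()
    return seen["proxy"], seen["origin"]

if __name__ == "__main__":
    print(trace_chain("127.0.0.2", "127.0.0.3"))                    # through the filter
    print(trace_chain("127.0.0.2", "127.0.0.3", via_filter=False))  # direct to the proxy
```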
