[squid-users] transparent (intercepting?) without wccp, options?

From: Ezequiel Birman <stormwatch_at_espiga4.com.ar>
Date: Sun, 01 Jul 2012 02:08:00 -0300

Note: I've tried to send this post previously through gmane, but since
I've received no bounces I am not sure if list members received it or
not.

I am trying to decide how to set up a transparent proxy.

We have 2 ISPs. Both use cablemodem. Bandwidths are 6 and 3 Mbps.

The router model is Cisco RV042 V3. It can do load balancing between 2
wan (using the dmz port). It looks and has the same functionality as
Linksys RV042, just different hardware and no sshd. Unfortunately it
doesn't support wccp either.

When the RV042 is serving more than 100 clients approx. the traffic is
*really* slow.

I'd also like to be able to run dansguardian.

I can imagine some possible scenarios, although some of them might be
wrong:

1)
                                               +---wireless ap 1
wan1-+---------+   +----------+   +---------+  +---wireless ap 2
     |  squid  |---|  RV042   |---| switch  |--+---wireless ap 3
wan2-+---------+   +----------+   +---------+  +---pc 1
                                               +---pc 2
                                               +...etc

2)
                                +---squid
wan1-+--------+   +---------+   +---wireless ap 1
     | RV042  |---| switch  |---+---wireless ap 2
wan2-+--------+   +---------+   +---wireless ap 3
                                +---pc 1
                                +---pc 2
                                +...etc

3)

                      +-----+
wan1-+--------+--dmz--|squid|
     | RV042  |       +-----+ +--wireless ap 1
     +--------+--switch-------+--wireless ap 2
                              +--etc

4)
      ClearOS/pfsense?
wan1-+----------------+ +--------+--wireless ap 1
     |  squid+router  +-| switch +--wireless ap 2
wan2-+----------------+ +--------+--etc

  +--------------+
  |  Trash Can   |
  |              |
  |  +------+    |
  |  | RV042|    |
  +--+------+----+

Because of my inexperience, simplicity of design, and easiness of
configuration I'd choose (4). Actually, this is what I am going to do
with ClearOS or pfsense after buying a couple of ethernet
NICs... Alright, I am not throwing the RV042, yet. (btw, should I buy
Realtek chipset cards?)

I can think of some pros and cons of each option. For example:

(1): pros: zero configuration on the clients. cons: it might be
difficult to add other services to squid PC in the future.

(3): I am not even sure if this is right at all... surely I don't want
someone on the outside to have access to squid.

But this is all speculation. I have no practical experience, so I'd like
to know your opinion.

Thank you

-- 
Ezequiel Birman
Received on Sun Jul 01 2012 - 05:00:12 MDT
