Re: [squid-users] Squid via Network Wireless Router & Wireless Clients

From: Adrian Miller <adrian.m.miller_at_gmail.com>
Date: Sat, 7 Jul 2012 19:36:54 +1000

On 7 July 2012 19:02, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 7/07/2012 6:10 p.m., Adrian Miller wrote:
>>
>> Squid via Network Wireless Router & Wireless Clients
>>
>> Hopefully this is a simple question, with an equally quick answer.
>>
>> I have set up traditional squid setups before, with the 2 NIC setup.
>>
>> This time though I have only a wireless router connected via ethernet
>> to the squid box (1 NIC only).
>>
>> All clients will connect to the squid box via the wireless router.
>>
>> i.e.
>> Code:
>>
>>   Wireless Client Laptops
>>              |
>>              \/
>>   Wireless Router/ADSL2 Modem ---- > Interwebs
>>        |         /\
>>        \/        |
>>            Squid
>>
>> So my question (and I'm probably looking for reinforcement/outright
>> ridicule for my own thoughts) is
>>
>> "What's the best way to implement this?"
>>
>> Is it as simple as forwarding all traffic from the router port 80 to
>> the squid box port 3128 in the router config and running the squid box
>> in transparent mode?
>
>
> Yes it can be that simple. The only issue is whether your
> wireless+router+adsl+modem combo box supports it. The usual "port
> forwarding" supplied by CPE boxes with off the shelf commercial software
> does not work well. OpenWRT and such which allow much deeper admin control
> can be configured fairly easily using the Squid wiki configs like any
> router.

Yeah, I understand that most routers lack the iptables option of the
WRT firmwares, but that's what I'm stuck with.

To be precise I'm stuck with a Billion 7800N wireless router/ADSL2+ modem.

I'm dealing with a small club who want to implement this without too
many changes to the system hardware wise. If I even thought I could
get them to accept adding a simple adsl router in addition to the
existing setup I would, but these are the kind of people who would
just say "but we already have one" :)

I'm pretty much going to try one of these, as these appear to be the
options I can find in my head and out on the interwebs. There's
surprisingly not a lot of info readily available (at least in my
search) that covers setting up squid with one NIC.

In order of preference -

a) Run squid in transparent mode, forward port 80 on the router to
squid on 3128.

b) Set each client machine's IP to static and use the squid box's IP as
the default gateway. On the squid box, redirect port 80 via iptables
to port 3128. Not as bad as it sounds because I generally like static
IPs anyways and it will make logging/auditing easier as there won't be
any auth used for squid.

c) Set the browser on each client manually to the squid box.

>
>
>
>> Or
>>
>> The above but conventional with proxy set manually on each client
>
>
> That is better. But manual configuration can be a hassle on any type of
> large or dynamic network.
> Interception pushing clients at the squid ERR_CONFIG_* pages helps clients to
> do it themselves, but can still be trouble.
>
>
>>
>> Or neither, and you have a more sane approach
>
>
> Slightly more sane is to set up WPAD on the network. Then push clients to
> set up "auto-detect". That lets you hide any and all proxy changes behind a
> PAC file. Including proxy bypasses etc for the occasional broken websites.
>
>

I had thought of WPAD, but from my limited understanding it has to be
pushed via DNS and DHCP, which I would have to use on the squid box
anyways. I figure it's probably just easier to do b) above.

> It is much easier to configure with separated wireless, router, and modem
> boxes.
>
> My favourite for this type of installation is:
> clients -> portal (wireless AP -> Squid router -> ADSL modem) ->
> Intarwebs.

Me too, that's the way I would do it, if I was able to :)

>
> With an off the shelf Linux box running Squid and all the regular tools
> needed for routing whatever the installation needs, it's easily extended or
> changed. As the AP/modem components burn out or age they can be replaced
> without affecting the whole setup.
>
> Amos

That's the ideal, but I have my hands tied :)

Appreciate the advice and feedback!
Received on Sat Jul 07 2012 - 09:37:05 MDT
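
Added example, not part of the original thread: a sketch of the PAC file that the WPAD suggestion above refers to, with a bypass list for broken sites and no direct fallback so that proxied traffic always reaches Squid's access log. The proxy address 192.168.1.2, the 192.168.1.0/24 LAN prefix and the bypass domain are constructed placeholders; only port 3128 comes from the thread.

```javascript
// wpad.dat / proxy.pac for a one-NIC Squid box (added example).
// Constructed values: proxy address, LAN prefix, bypass domain.
var PROXY = "PROXY 192.168.1.2:3128";         // Squid's forward-proxy port
var LAN_PREFIX = "192.168.1.";                // assumed club LAN, a /24
var BYPASS_DOMAINS = ["broken-site.example"]; // sites that misbehave via the proxy

// True when host equals domain or is a subdomain of it. A plain suffix
// match would also let "notbroken-site.example" slip past the proxy.
function inDomain(host, domain) {
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

// True for dotless names (intranet short names, "localhost"), the IPv4
// loopback address, and IPv4 literals inside the LAN prefix.
function isLocal(host) {
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  if (host === "127.0.0.1") return true;
  // Require a full dotted quad so "192.168.1.evil.example" is not local.
  return /^\d+\.\d+\.\d+\.\d+$/.test(host) && host.indexOf(LAN_PREFIX) === 0;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isLocal(host)) return "DIRECT";
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (inDomain(host, BYPASS_DOMAINS[i])) return "DIRECT";
  }
  // No "; DIRECT" fallback: if Squid is down, browsing fails instead of
  // silently going around the proxy and its access log.
  return PROXY;
}
```

With a PAC file the browsers talk to Squid as an ordinary forward proxy on 3128, so no interception rule is needed on the router.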
