On Mon, 2005-01-24 at 17:44 +1300, greylake wrote:
> hello
>
> lan_one|-------------|gateway|---------|lan_two
>               |          |
>           squidbox       |
>      (member of lan_one) |
>                          |
>                       (world)
>
>
> question 1.
>
> at the moment traffic from BOTH lans seems to be prerouted to the squid
> box
> but i want lan_two traffic to bypass the squidbox and go direct ( for
> now...)
>
> i'm sure it's iptables syntax but i can't seem to get it to work
> any advice or examples greatly appreciated
> [...]

Sorry, I'm a bit confused. Are you using a transparent proxy here?
It would seem so, but if so there's unnecessary cruft in the tables,
and also the network diagram seems a bit odd (a lollypop will
effectively halve the bandwidth available to the clients).
If not, the tables are useless, and you should put that kind of logic
in a proxy autoconfiguration script (pac-file).

What is the default gateway for the clients?

> ---------------------------------------------------------------------------------
>
>
> question 2.
>
> if both lans do use the cache ( with a tighter iptables in place ) is it
> possible to cache but not log lan_two traffic ?

Not with squid 2.5, and 3.0 is not ready.
Also with this network design, it's not possible to have lan_two clients
use squid as a transparent proxy.

Kinkie
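
The pac-file approach suggested in the reply above, sketched as an added example that is not part of the original message or of the Squid project. The subnets, the squidbox address and the helper name `chooseProxy` are assumptions made for illustration; 3128 is Squid's default port.

```javascript
// Constructed addressing (not from the thread): lan_one = 192.168.1.0/24,
// lan_two = 192.168.2.0/24, squidbox listening on 192.168.1.10:3128.
var LAN_ONE = { net: "192.168.1.0", mask: "255.255.255.0" };
var LAN_TWO = { net: "192.168.2.0", mask: "255.255.255.0" };
var SQUID = "PROXY 192.168.1.10:3128";

// Dotted-quad IPv4 string -> unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// The same comparison the PAC built-in isInNet() makes, written out so the
// routing decision can be exercised outside a browser.
function inNet(ip, lan) {
  var a = ipToInt(ip), net = ipToInt(lan.net), mask = ipToInt(lan.mask);
  if (a === null) return false;
  return ((a & mask) >>> 0) === ((net & mask) >>> 0);
}

// Hypothetical helper: routing decision for one client address and one host.
function chooseProxy(clientIp, host) {
  // Unqualified names and IP literals on either LAN never go via the cache.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (inNet(host, LAN_ONE) || inNet(host, LAN_TWO)) return "DIRECT";
  // lan_two bypasses the squidbox, as asked in question 1.
  if (inNet(clientIp, LAN_TWO)) return "DIRECT";
  // lan_one uses the cache; no DIRECT fallback is listed, so these clients
  // fail closed if the squidbox is down (an assumed policy choice).
  if (inNet(clientIp, LAN_ONE)) return SQUID;
  return "DIRECT";
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host);
}
```

A PAC file is only advice to the browser, so a client that ignores it still reaches the gateway directly; if lan_one must use the cache, that has to be enforced by filtering on the gateway. On multi-homed clients `myIpAddress()` may return an address from a different interface than the one facing the gateway.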