Search squid archive

Re: Problems forcing mandatory proxy use.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Chapman wrote:
Thanks Matthew

The network has evolved from NAT without squid to NAt+squid - so I hadn't thought about eliminating NAT altogether. Do you have much experience with "squid only" networks. Will squid handle all the "other stuff" well. eg IM, bittorrrent, etc. Indeed - can these applications be persuaded to direct traffic through the proxy anyway. Are there any other consideration before turning of NAT?

Squid itself won't. But the box underneath it will have firewall and routing control you can use (assuming its a non-windows box).

Amos


Thanks again

Richard.



matthew jones wrote:
is there any need to use NAT. you could simply forward all data to the squid by setting it's IP address as the DMZ server in the WAN setup page. which would send all incomming DSL data to the IP address.

if it's a tight network your after you should think about have the squid dual homed, one connecting to the router/firewall and the other to your network, thus forcing all data to pass through the proxy. also the proxy may be proxying data on more ports than 80 such as https on port 4** ect.

i have a GD834g too but havent tried the above as i use NAT and not a proxy at home.

matt.

Richard Chapman wrote:
I have squid operating well on a small NAT network. Currently - all clients select "automatic proxy detection" and that is all working correctly with proxy.pac script on the http server. I wanted to ensure that the proxy is handling ALL http traffic ALL of the time - so I can be confident of the statistics generated by sarg (squid analysis and report generator).

I thought this should e easy. I have a netgear DG834G router acting as the internet DSL connection. I added 2 outgoing firewall rules in the Dg834G:
1) allow all going traffic from the squid servers local IP.
2) Block port 80 traffic from all (other) local ip addresses.

When I apply these 2 rules - the network experiences erratic internet access. Some sites work some of the time - but not everything works correctly. I have tried disabling the above rules - then enabling just rule 1 - and even then the network behaves erratically. Note that rule 1 is an "allow" rule. But as soon as I disable both rules - everything returns to normal.

This seems very weird to me. Can anyone suggest some subtlety I am overlooking? I have checked the netgear knowledge base and there are no glaring bugs reported related to this behaviour. I have updated to the latest netgear firmware. I can only assume the DG834 is not behaving as expected. Can anyone se another explanation?

In case it is relevant - the linux box is performing squid, dns, dhcp, http and lots of other stuff but the dg834 is performing NAT (and only NAT).

Thanks

Richard.








--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
  Current Beta Squid 3.1.0.3

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux