Yan Seiner wrote:
I have a question about setting up squid in my environment.
My network is fairly generic:
a firewall running openwrt, 4 mb flash and 8 mb ram, providing NAT
a server providing DNS and DHCP services; this machine is also used for
terminal services so users are logged in to this machine directly
assorted clients
I've had squid set up on a 'opt-in' basis. Now I have a request to make
it transparent for all users with the intent of disabling web access
during specified hours.
The problem I have is that my firewall is not able to run squid, and all
the examples assume that the squid box is either the firewall or
provides NAT.
Is it possible, without a huge amount of complications, to run squid on
this sort of setup?
If so, does anyone have a recipe for doing so?
Squid box had best be the one doing NAT because all source info is lost
during NAT interception and Squid needs to look it up. Note I wrote "NAT
interception", thats a more correct name for "transparent".
Squid does not have to be on the firewall or router to do NAT though:
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
the tutorial ironically was written for people using OpenWRT :)
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
