---------------------------------------- > Date: Mon, 14 Dec 2009 14:47:06 +0100 > From: > To: squid-users@xxxxxxxxxxxxxxx > Subject: Setting up two NICs with Squid/DANSGuardian > > Hi list, > > I have the following setup: > > Debian 5.0/Kernel 2.6.26-2-486 > > Squid3 Stable 19 > > Squid.conf excerpts > > http_port 127.0.0.1:3128 > > acl DANS src 127.0.0.1 > http_access allow DANS > > ********************************************* > > Dansguardian 2.9.9.4 > > Dansguardian.conf excerpts > > filterip = 172.16.10.214 > filterport = 8080 > > proxyip = 127.0.0.1 > proxyport = 3128 > > ********************************************* > > ifconfig output > > eth0 Link encap:Ethernet inet address:172.16.10.214 > eth1 Link encap:Ethernet inet address:172.16.10.225 > > ********************************************* > > Proxying is done explicitly. Currently the users connect to 172.16.10.214:8080. I want to change the setup to make users connect to 214:8080 which passes the connection 225:????. > Diagram: > > Currently: > > user --> eth0 (214:8080) --> DG --> Squid --> WAN > > Desired: > > user --> eth0 (214:8080) --> DG --> Squid --> eth1 (225:????) --> WAN > > The whole point of doing this is to have two different mac adresses/ports which can be used for vlan tagging. > > How do i do that? > Using iptables? > - Could you give me the rules for that? > Using a bridge? > - How do i set it up? > Another possibility? > Please give me some solutions. I'm trying to do something along similar lines but I'm not sure this relates to squid too well. AFAIK, "ip" is supposed to replace some obsolete things ( based on googling earlier this morning). I've got a debian machine that I want to use to isolate my other machines in my office. The debian uses ndiswrapper that supports wlan0 that I want to be the only connection the the wireless router that attaches to our cable modem. The other machines in my office use a wired connection a router attached to eth0. I'd like to insert squid as a proxy for http traffic to reduce redundant content and DNS lookups but also need to know how to configure the interface usage. But, presumably I'd use lower level tools for looking for spurious or malware related traffic. > > > D. K. > -- > IT-PARTNER - Martin U. Haneke > Fichtestraße 26 > 10967 Berlin > Tel: +49(30)200055-0 > Tel: +49(30)200055-39 _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/