On Mon, 14 Dec 2009 14:47:06 +0100, <david.kauffmann@xxxxxxxxxxxxx> wrote:
> Hi list,
>
> I have the following setup:
>
> Debian 5.0/Kernel 2.6.26-2-486
>
> Squid3 Stable 19
>
> Squid.conf excerpts
>
> http_port 127.0.0.1:3128
>
> acl DANS src 127.0.0.1
> http_access allow DANS
>
> *********************************************
>
> Dansguardian 2.9.9.4
>
> Dansguardian.conf excerpts
>
> filterip = 172.16.10.214
> filterport = 8080
>
> proxyip = 127.0.0.1
> proxyport = 3128
>
> *********************************************
>
> ifconfig output
>
> eth0 Link encap:Ethernet inet address:172.16.10.214
> eth1 Link encap:Ethernet inet address:172.16.10.225
>
> *********************************************
>
> Proxying is done explicitly. Currently the users connect to
> 172.16.10.214:8080. I want to change the setup to make users connect to
> 214:8080 which passes the connection 225:????.
> Diagram:
>
> Currently:
>
> user --> eth0 (214:8080) --> DG --> Squid --> WAN
>
> Desired:
>
> user --> eth0 (214:8080) --> DG --> Squid --> eth1 (225:????) --> WAN
>
> The whole point of doing this is to have two different MAC addresses/ports
> which can be used for VLAN tagging.

How exactly is that tagging done?
If you use IP-level TOS marks, Squid can add them itself with the
tcp_outgoing_tos directive.

>
> How do I do that?
> Using iptables?
> - Could you give me the rules for that?
> Using a bridge?
> - How do I set it up?

Both of the above are possibilities; however, to do it that way you start
by discarding Squid and DG from the software chain. So if you want to go
that way this is not the place to look for help; there are basic router
configurations available elsewhere online.

> Another possibility?
> Please give me some solutions.

If I understand correctly, you are wanting a simple case of: all traffic
to go out via address *.225.

squid.conf:
  tcp_outgoing_address 172.16.10.225

That will pass everything out of squid with the specified IP address.
It's up to the OS to route it from there.

There is a catch if you want to receive traffic on multiple interfaces and
direct them to individual outgoing IPs, though. DG becomes a serious problem
as it erases the source IP information.

Amos
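
An added example, not part of Amos's reply or of Squid itself: one way to handle the "up to the OS to route it" step on Linux, so that packets Squid sources from 172.16.10.225 actually leave through eth1 with eth1's MAC address. It assumes iproute2, an unused routing table number (100 here) and a gateway reachable on eth1; the gateway address is not given in the thread and must be supplied. The function only prints the commands so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example: print (do not run) source-based routing commands for one
# egress address. Only 172.16.10.225 and eth1 come from the thread; the
# gateway and the table number are assumptions supplied by the caller.

is_ipv4() {
    # Dotted quad only, every octet numeric and 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

egress_cmds() {
    src=$1 dev=$2 gw=$3 table=${4:-100}
    if ! is_ipv4 "$src" || ! is_ipv4 "$gw"; then
        echo "usage: egress_cmds <source-ip> <interface> <gateway-ip> [table]" >&2
        return 2
    fi
    # Refuse anything that is not a plain interface name or table number,
    # since the output is meant to be pasted into a root shell.
    case $dev in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;; esac
    case $table in ''|*[!0-9]*) echo "bad table number" >&2; return 2 ;; esac
    cat <<EOF
ip route add default via $gw dev $dev table $table
ip rule add from $src lookup $table
sysctl -w net.ipv4.conf.all.arp_filter=1
ip route flush cache
EOF
}
# The rule sends anything with the given source address to its own table,
# whose only route is the default via the chosen interface. arp_filter=1
# makes each interface answer ARP only for addresses the kernel would route
# through it, which matters when two interfaces share one subnet.

# Example: sh this-file 172.16.10.225 eth1 <gateway-ip>
if [ "$#" -ge 3 ]; then
    egress_cmds "$@"
fi
```

With `tcp_outgoing_address 172.16.10.225` set in squid.conf, `ip route get <destination> from 172.16.10.225` should then report eth1 as the outgoing device.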