Re: Using Squid with 1 NIC

Yuri Voinov <yvoinov@xxxxxxxxx> · Sun, 24 Apr 2016 01:30:05 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

     
    24.04.16 1:26, Tom пишет:

    > Sorry for not being more
      clearer on my first post. So I have a VMware environment running
      mostly CentOS 6 and multiple port groups:

      >

      > Each port group it its own network segment.  Please see
      below:

      >

      > 192.168.1.0/24 <http://192.168.1.0/24>

      > GW 192.168.1.1

      > proxy=192.168.1.2

      > CentOS servers in this network 192.168.1.0/24
      <http://192.168.1.0/24>

      >

      > 192.168.2.0/24 <http://192.168.2.0/24>

      > GW 192.168.2.1

      > proxy=192.168.2.2

      > CentOS servers in this network 192.168.2.0/24
      <http://192.168.2.0/24>

      >

      > 192.168.3.0/24 <http://192.168.3.0/24>

      > GW 192.168.3.1

      > proxy=192.168.3.2

      > CentOS servers in this network 192.168.3.0/24
      <http://192.168.3.0/24>

      >

      > Now I planned to install/configure a Squid proxy server (one
      NIC) in each network and all clients will be going through it. 
      Now these are CentOS 6 servers, not workstations.  I need all
      servers in each network segment to go through the proxy so traffic
      can be monitored for each network.  Now would a transparent proxy
      help?? Hope this make sense.

    
    Using a transparent proxy depends on whether it is possible to
    configure clients to use a proxy or not.

    
    In most cases, no one here recommends the use of a transparent
    proxy, because there are a number of restrictions and high technical
    expertise for quality implementation. Also the most fundamental
    restriction (but I don't think so) is only possible to proxying
    HTTP/HTTPS.

    
    >

      > On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov
      <yvoinov@xxxxxxxxx <mailto:yvoinov@xxxxxxxxx>> wrote:

      >

      >

      > I've based on op's diagram. We are know nothing about what he
      want.

      > Thelepaty on Bali on vacation.

      >

      >

      > 23.04.16 23:46, Antony Stone пишет:

      > > On Saturday 23 April 2016 at 19:12:56, Yuri Voinov
      wrote:

      >

      > >> http://wiki.squid-cache.org/ConfigExamples/Intercept

      >

      > > Surely there's no reason to have to set up intercept
      mode (unless the

      > OP can't

      > > configure the applications to use an explicit proxy)?

      >

      > > I'm assuming the gateway 192.168.1.1 does outbound NAT
      to the Internet

      > > (otherwise nothing would work), so all that's needed is
      to set up

      > Squid on

      > > 192.168.1.2 to allow access from 192.168.1.0/24
      <http://192.168.1.0/24>, with a default

      > gateway of

      > > 192.168.1.1, and then configure each of the 192.168.1.x
      client

      > machines to use

      > > 192.168.1.2:3128 <http://192.168.1.2:3128> as
      their proxy server?

      >

      > >> 23.04.16 23:08, Tom Ku пишет:

      > >>> Hi All,

      > >>>

      > >>> I know this question has been beaten to death
      but I can't seem to find

      > >>> any answers via google.  So i'm trying to set up
      a Squid proxy for my

      > >>> VMware infrastructure.  I have multiple port
      groups networks and I plan

      > >>> to put a Squid server in each port group to
      monitor network/internet

      > >>> traffic.  So I would like my setup like this:

      > >>>

      > >>> 192.168.1.1 - Gateway

      > >>> ^

      > >>> l

      > >>> l

      > >>> l

      > >>> Squid Proxy - 192.168.1.2)

      > >>> ^

      > >>> l

      > >>> l

      > >>> l

      > >>> VMs (clients - 192.168.1.x/24)

      > >>>

      > >>> Now i can only have 1 NIC on the Squid server. 
      I've read that

      > >>> iptables will probably have to be configured. 
      Any help would be

      > >>> appreciated.

      >

      > > I think one important thing you have missed out is why
      you need to use

      > Squid

      > > at all in such a setup?  What are you trying to achieve
      by

      > implementing it,

      > > instead of just giving all clients direct access to the
      Internet?

      >

      >

      >

      > > Antony.

      >

      >

      >

      >

      >     _______________________________________________

      >     squid-users mailing list

      >     squid-users@xxxxxxxxxxxxxxxxxxxxx
      <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>

      >     http://lists.squid-cache.org/listinfo/squid-users

      >

      >

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBCAAGBQJXG809AAoJENNXIZxhPexG18cH/3AXP3mwu/lAmNdTru8rbPT1


    iStds/GKw9BOTebKRMtdkOB9F5kBqYSVugksXwAKbOjrisMC0d69iA9ovocUvQiY


    DpsaZHybtwZYnSc8TO+hKgI5U4DGYFsBIYudDPyRlLIj6iluCRziHjetyQ2iMHru


    d9KNZiQGMMBTwjPyI+YDP4IVYuE8BGyEzlYSib4vAYb1nQAsMyX0tElrfvzmZB4h


    DaeKbJlyK7HdsaSZMFR+hz3CNW0uHzsTxchrW6lXPBkFsU25tcwuRhE1Rfh2i0UQ


    MqHUIzwTqNIvmIFbKkbQeLXbIPFUDNWtAeOBKy/XkKCiIZJJ0fm42g/5oFwaIas=


    =bfyf


    -----END PGP SIGNATURE-----


Attachment:
0x613DEC46.asc

Description: application/pgp-keys
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users