On 22 Jan 2010, at 14:41, Joseph wrote:
> On 01/22/10 10:43, Stroller wrote:
>>>
>>> I don't understand what kind of explanation you expect, just emerge squid
>>> iptable (make sure kernel has the correct entries compiled IN) and type
>>> those commands in at the command line; read the post above, some other users
>>> clearly suggested what to type at the command line :-)
>>>
>>> It just works! I stated my objectives and I accomplished them.
>>
>> Maybe I'm being very dumb. I assumed a situation of router A, with Squid
>> running on server B. The office staff are using browsers on client machines
>> X, Y & Z. When a user on machine X browses to a website, his PC sends the
>> packet to router A. The packet never reaches server B in order to be
>> intercepted by B. We can configure B as the proxy in the browser settings of
>> X, Y & Z, but then that no longer needs iptables configuration or
>> interception mode.
>>
>> I'm not trying to argue with you, BTW. I'm just trying to learn from you.
>>
>> Stroller.
>
> I'm not an expert with iptables but since you have multiple machines on your
> network your best option is to configure a single machine to run squid on it
> and forward the traffic to it. You have to tell us your setup, what kind of
> equipment you have, is it a small firewall/router from store you build it etc.
> How the traffic flows, I might suggest something.
> I think in your situation the best option would be if router A runs squid if
> possible; if not router A intercepts all packets from X,Y,X and sends them to
> squid B machine, B processes the traffic and sends it back to router A (router A
> forwards all traffic from squid B to Internet).

I'm not asking for help with my configuration, because it works just fine as it is.

You asserted, I think, that Squid works in interception mode on a server with a single NIC. Is that server a router? Does it filter for the benefit of other computers? How do the other computers know to send packets to the server?

Stroller.