On 01/22/10 16:40, Stroller wrote:
>> I'm not an expert with iptables, but since you have multiple machines on your
>> network your best option is to configure a single machine to run squid on it and
>> forward the traffic to it. You have to tell us your setup, what kind of
>> equipment you have, is it a small firewall/router from a store or did you build it, etc.
>> How does the traffic flow? I might suggest something.
>> I think in your situation the best option would be if router A runs squid, if
>> possible; if not, router A intercepts all packets from X, Y, Z and sends them to
>> squid machine B, B processes the traffic and sends it back to router A (router A
>> forwards all traffic from squid B to the Internet).
> I'm not asking for help with my configuration, because it works just fine as it
> is.
> You asserted, I think, that Squid works in interception mode on a server with a
> single NIC.
Yes, that is correct!
> Is that server a router?
No, it is not a router; it is just a single workstation running Windows XP in VirtualBox. Since this machine is a critical workstation I don't want to expose
it to the Internet environment; I only need to allow access to one or two domains, over https most likely.
> Does it filter for the benefit of other computers?
> How do the other computers know to send packets to the server?
No, it doesn't, but it could, and it could be done very easily. All that is needed is to redirect the Internet traffic on your firewall back to box "B" (running
squid + iptables). I assume all your boxes on the LAN get their IP addresses from the DHCPD server running on the firewall, don't they? So all you need to do is
to direct all known IP addresses X, Y, Z to box "B". It might not be that simple; it depends on the firewall type and flexibility.
On box B just write a simple one-liner in iptables to instruct iptables that
all incoming traffic goes to port 3128 (squid is listening on this port by
default).
--
Joseph
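As an added example, not part of Joseph's or Stroller's mail, here is the box-B side of that setup written out as a small shell script: it builds the nat rules that send port-80 traffic arriving from the listed LAN hosts to squid's default port 3128, and only prints them unless APPLY=1 is set. The interface name, the client addresses and the squid.conf line are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Box "B" runs squid + iptables on a
# single NIC; router A is assumed to already send the LAN hosts' web
# traffic to B. Interface name and addresses are constructed placeholders.
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"            # squid listens here by default
CLIENTS="${CLIENTS:-192.168.1.21 192.168.1.22 192.168.1.23}"   # hosts X Y Z

# Emit one REDIRECT rule per known client instead of a blanket rule, so
# only the hosts the admin listed are ever pushed through the proxy.
# NAT interception has to happen on the squid box itself: squid recovers
# the original destination from the local NAT table.
box_b_rules() {
  for c in $CLIENTS; do
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $c -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
  done
  # After REDIRECT the packets arrive locally on the squid port; let them in.
  echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j ACCEPT"
}

# Number of rules emitted; a quick sanity check before applying anything.
box_b_rule_count() { box_b_rules | wc -l | tr -d ' '; }

# Squid must be told the port is an interception port (squid 3.1+ keyword;
# older releases spell it "transparent"). Assumed squid.conf fragment.
squid_conf_line() { echo "http_port $SQUID_PORT intercept"; }

# Print by default; only execute the commands when APPLY=1 is set (root).
if [ "${APPLY:-0}" = "1" ]; then
  box_b_rules | while read -r rule; do eval "$rule"; done
else
  box_b_rules
  squid_conf_line
fi
```

Review the printed rules first, then rerun with APPLY=1 as root; override CLIENTS and LAN_IF in the environment to match the real LAN.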