frech wrote:
Hi Amos,
thanks again ;-)
OK, just to make it really clear (sorry about my bad English!!!) I try to
make a small illustration:
workgroup connected by
workstation1)
workstation2|
|---network-HUB--eth1-{ Squid-Server
}-eth0---SWITCH------------------------Firewall-WWW
workstation3| (192.168.3.0)
(192.168.1.0) Port 8080<----|
dataserver )
There is NO router in the network of my workgroup. But the squid has to act
as something like a router.
Is this how you expected?
Ah, something happened to your diagram, but I managed to decipher it.
Yes, that's one of the regular setups. Better than the one I was thinking
of earlier. You can ignore the policy routing and NAT stuff entirely to
start with that setup.
The Squid box in that setup _is_ a router.
From an empty setup:
* assign the IPs to squid interfaces. (This alone sets up most of the
  routing properly in Squid box.)
* add default route to Squid box (if missing, check first):
    route add default gw 192.168.1.1 dev eth0
* Turn on the IP forwarding settings in Squid box sysctl.conf.
* add route to firewall to gw net-3 through the squid box:
    route add 192.168.3.0/24 gw 192.168.1.2 dev eth*
* run whatever ping tests you can to check that traffic from
  192.168.3.* workstations can get to the places they need to.
That's it for routing.
Normal Squid config we already covered.
Now set up the 192.168.3.* boxes to use the proxy instead of going direct
to the Internet for web stuff.
Simple. Done.
NP: It's also a good idea to set up the firewall on the Squid box and
consider it an extra layer of protection for both subnets from bad
action in the other subnet.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
Current Beta Squid 3.1.0.10 or 3.1.0.11
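
An added example, not part of the original thread: a shell check that audits the Squid box against the routing steps listed above (forwarding on, default route via 192.168.1.1 on eth0, connected routes for both subnets). The function name, the use of eth1 for 192.168.3.0/24 (read from the diagram), the 192.168.3.1 address and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a Linux box against the routing steps in the message above.
# Inputs are passed as text so saved output can be checked as well:
#   $1 = contents of /proc/sys/net/ipv4/ip_forward
#   $2 = output of `ip -4 route show`
# Live use on the Squid box:
#   audit_squid_router "$(cat /proc/sys/net/ipv4/ip_forward)" "$(ip -4 route show)"
audit_squid_router() {
    fwd=$1
    routes=$2
    problems=""

    # Step: IP forwarding must be enabled, or the box will not route at all.
    [ "$fwd" = "1" ] || problems="$problems no-ip-forward"

    # Step: default route towards the firewall (192.168.1.1) on eth0.
    printf '%s\n' "$routes" \
        | grep -Eq '^default via 192\.168\.1\.1 dev eth0( |$)' \
        || problems="$problems no-default-route"

    # Step: assigning the interface IPs creates a connected route per subnet.
    printf '%s\n' "$routes" | grep -Eq '^192\.168\.1\.0/24 dev eth0( |$)' \
        || problems="$problems no-net1-on-eth0"
    # Assumption: eth1 is the workgroup (192.168.3.0/24) side.
    printf '%s\n' "$routes" | grep -Eq '^192\.168\.3\.0/24 dev eth1( |$)' \
        || problems="$problems no-net3-on-eth1"

    if [ -z "$problems" ]; then
        echo "ok"
    else
        echo "fail:$problems"
    fi
}

# Constructed sample routing tables (not captured from a real host).
SAMPLE_GOOD='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.3.0/24 dev eth1 proto kernel scope link src 192.168.3.1'
SAMPLE_BAD='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'

audit_squid_router 1 "$SAMPLE_GOOD"
audit_squid_router 0 "$SAMPLE_BAD"
```

The return route on the firewall (192.168.3.0/24 via 192.168.1.2) lives on a different machine and is not covered by this check; the ping tests from the 192.168.3.* workstations are what confirm it.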