On 7/07/2012 9:36 p.m., Adrian Miller wrote:
On 7 July 2012 19:02, Amos Jeffries <squ...@treenet.co.nz> wrote:
On 7/07/2012 6:10 p.m., Adrian Miller wrote:
Squid via Network Wireless Router & Wireless Clients
Hopefully this is a simple question, with an equally quick answer.
I have set up traditional squid setups before, with the 2 NIC setup.
This time though i have only a wireless router connected via ethernet
to the squid box (1 NIC only).
All clients will connect to the squid box via the wireless router.
i.e.
Code:
Wireless Client Laptops
|
\/
Wireless Router/ADSL2 Modem ---- > Interwebs
| /\
\/ |
Squid
So my question (and im probably looking for reinforcement/outright
ridicule for my own thoughts) is
"Whats the best way to implement this?"
Is it as simple as forwarding all traffic from the router port 80 to
the squid box port 3128 in the router config and running the squid box
in transparent mode.
Yes it can be that simple. The only issue is whether your
wireless+router+adsl+modem combo box supports it. The usual "port
forwarding" supplied by CPE boxes with off the shelf commercial software
does not work well. OpenWRT and such which allow much deeper admin control
can be configured fairly easily using the Squid wiki configs like any
router.
Yeah, i understand that most routers lack the iptables option of the
WRT firmwares, but thats what im stuck with.
To be precise im stuck with a Billion 7800N wireless router/adls2+ modem.
Im dealing with a small club who want to implement this without too
many changes to the system hardware wise. If i even thought i could
get them to accept adding a simple adsl router in addition to the
existing setup i would, but these are the kind of people who would
just say "but we already have one" :)
Im pretty much going to try one of these, as these appear to be the
options i can find in my head and out on the interwebs. Theres
surprisngly not a lot of info readily available (at least in my
search) that covers setting up squid with one NIC.
In order of preference -
a) Run squid in transparent mode, Forward port 80 on the router to
squid on 3128.
Possible but dangerous. I advise against unless you have no other
choice, but...
b) Set each client machines IP to static and use the squid box's ip as
the default gateway. On the squid box, redirect port 80 via Iptables
to port 3128. Not as bad as it sounds because i generally like static
IP's anyways and it will make logging/auditing easier as there wont be
any auth used for squid.
c) Set the browser on each client manually to the squid box.
These work well if you are willing to face the admin maintenance work.
And yes its easier to do (b) than play with DNS settings on that type of
CPE.
Amos
