| 1 |
On 01/22/10 16:40, Stroller wrote: |
| 2 |
> |
| 3 |
>> I'm not an expert with iptables but since you have multiple machine on your network your best option is to configure single machine to run squid on it and forward the traffic to it. You have to tell us your setup, what kind of equipment you have, it it a small firewall/router from store you build it etc. |
| 4 |
>> How the traffic flow, I might suggest something. |
| 5 |
>> I think in your situation best option would be if router A runs squid if possible; if not router A intercept all packets from X,Y,X and sends them to squid B machine, B process the traffic and send it back to router A (rotter A forward all traffic from squid B to Internet). |
| 6 |
> |
| 7 |
>I'm not asking for help with my configuration, because it works just fine as it is. |
| 8 |
> |
| 9 |
>You asserted, I think, that Squid works in interception mode on a server with a single NIC. |
| 10 |
|
| 11 |
Yes, that is correct! |
| 12 |
|
| 13 |
> |
| 14 |
>Is that server a router? |
| 15 |
|
| 16 |
No, it is not a router it is just a single workstation running Windows XP in VirtualBox; since this machine is a critical workstation I don't want to expose |
| 17 |
it to Internet environment, I only need to allow access to one or two domains over https most likely. |
| 18 |
|
| 19 |
> |
| 20 |
>Does it filter for the benefit of other computers? |
| 21 |
> |
| 22 |
>How do the other computers know to send packets to the server? |
| 23 |
|
| 24 |
No, it doesn't but it could and it could be done very easily. All is needed is to redirect the Internet traffic on your firewall back to box "B" (running |
| 25 |
squid + iptables). I assume all your boxes on the LAN get their IP addresses from DHCPD server running on the firewall, isn't it? So all you need to do is |
| 26 |
to direct all know IP address X,Y,Z to box "B". It might not be that simple, it depends on firewall type and flexibility. |
| 27 |
In box B just write a simple one liner in iptables to instruct iptables that all incoming traffic goes to port 3128 (squid is listing on this port by default). |
| 28 |
|
| 29 |
-- |
| 30 |
Joseph |
Archives