[squid-users] Transparent proxy before NAT

Yuri Voinov yvoinov at gmail.com
Mon Jul 13 20:24:27 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
And beware: Your current configuration is insecure. Very insecure.
Especially if you haven't firewall configured on squid box.

14.07.15 2:15, John Pearson пишет:
> Hi Everyone,
>
> My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router <-->
> Devices
>
> Currently the Router is doing NAT and DHCP for the devices connected
to it.
> Squid is in transparent mode. I set up a bridge ( br0). I set up the
> ebtables and iptables. It works but I want to figure out a way without
> having to configure Squid server or Router with hardcoded addresses.
>
> I have it working with either setup:
> 1. Remove the bridge ( br0) and setup the Squid server eth1 as a static IP
> address and set Squid server IP address as gateway in Router settings.
> 2. Since Squid server is in bridge mode, I can hard code IP address in a
> Squid ACL as all traffic appears to come this IP address from the router.
>
> I want a way to do this without any setup, basically to take a Squid box
> and place it before a Router. Is there a way to do this ?
>
> A few ideas that might be wrong:
> 1. In bridge mode, http_access allow CURRENTIPADDRESS  ( CURRENTIPADDRESS
> is the dynamic IP address provided the ISP ) Is there a way to obtain this
> in the squid.conf file ?
> 2. Setup a DHCP server alongside Squid server and have Squid(DHCP) <-->
> Router(DHCP, NAT) and have same dhcp address given to the Router in
> squid.conf as http_access allow localnet
>
> Thanks in advance!
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJVpB57AAoJENNXIZxhPexG/JEIAI06Ksm0R7n2O8h5mHO0HgFe
8r/bmmcKcmkmRiWXJGAq/zKY5oBuzeNocuwS4HNkj+//hYkdRpTyF8+ozFNeoSYj
2AnEkmcjZLjGk3kG/RcBpdIY8n1iXBQuD0I/4UrTleeG282tVeZJbe+qWVXvG1nB
7N7dyB/kYeKnlmhUNfCCbhyoLD3dJyC+8ECYjwAKIWspdPnzAPUFMIPc1NmWnMWU
IiQJe73wCITVd100YCSeCBbOvlvoYbWbQrymOb7rWMVJJq/qQxa2R27660DHAvjj
pnF0bnh94kvjFJ7Pk3AXM3d4jXKt0DbJLiXuw6Ch2MzZcfN0cYfpTDiGvH6XcBY=
=dAJc
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150714/bb267e26/attachment.html>

More information about the squid-users mailing list