[squid-users] Setting up proxy with private to public

Antony Stone Antony.Stone at squid.open.source.it
Mon Apr 13 22:10:43 UTC 2020


On Monday 13 April 2020 at 23:46:46, Chris Bidwell - NOAA Federal wrote:

> Sure.  So we have a few internal networks that aren't meant to have direct
> internet access without access through a proxy so that it can be better
> regulated and monitored.

Okay, that's a useful starting point.

> We've got several internal subnets that need to be able to talk through
> squid (I've chosen tcp/8080) to connect to from internally and want to
> translate that to an external IP address that does have access to the
> outside world.

That sounds perfectly straightforward, provided your Squid server has routing 
to connect back to those internal networks.

> Once again, the squid server has two IP addresses.  One internal, and one
> external.  The outbound traffic would be accessible through that external
> ip.

So, you configure your internal clients to connect to the internal address of 
the Squid machine, and tell them that the proxy is listening on port 8080.

Add the subnet definitions (if they are not 10.0.0.0/8, 172.16.0.0/12 or 
192.168.0.0/16) to Squid's configuration file.  If you *are* using such RFC1918 
addresses, these are automatically supported by Squid and you do not need to 
configure for your internal network ranges.

You don't need to do anything special to get Squid to use its external address 
for the connections out to the Internet - that's handled by the Linux 
networking stack.

> I hope I'm making *some* sense.  :)

I think so.

My suggestion from here on is: install Squid, configure a test client to use 
it, and see if it works.

If not, give us enough information to understand what you've done (both the 
setup and the testing) so we could reproduce it for ourselves, and we'll try 
to help further.


Best wishes,


Antony.

-- 
Why can't pirates calculate the circumference of a circle?
Because they guess pi ("Pi raten")...


                                                   Please reply to the list;
                                                         please *don't* CC me.
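
A minimal squid.conf fragment for the setup discussed in this thread, added here as an illustration and not taken from any poster's message. The internal address 10.1.1.5 and the subnet 198.51.100.0/24 are constructed placeholders; the RFC 1918 `localnet` lines and the port rules mirror entries found in the stock squid.conf, with the port list narrowed to 80 and 443 as an assumption.

```conf
# Listen only on the Squid machine's internal address (constructed
# placeholder), port 8080, so the proxy is not offered on the external side.
http_port 10.1.1.5:8080

# RFC 1918 ranges, as in the stock squid.conf.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

# An internal subnet outside RFC 1918 (constructed placeholder) has to be
# added explicitly, otherwise its clients fall through to "deny all".
acl localnet src 198.51.100.0/24

# Destination ports the proxy will serve (narrowed here to plain web traffic).
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

# Refuse unexpected destination ports and CONNECT tunnels to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Allow the internal clients, refuse everyone else. Order matters: the first
# matching http_access line wins.
http_access allow localnet
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the service is restarted.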

