<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I use a bit another configuration: <br>
<br>
<a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2">http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2</a><br>
<br>
As you can see, squid box placed between two routers. Front router
uses NAT to white IP, back router has no NAT and configured with
WCCPv2 redirection. DMZ configured between two routers.<br>
<br>
As I think, configuration you described will really strange and
insecure. Yes, you can assign white IP to squid. No, you can't use
squid as router or DHCP. Squid box can only work as intercepter for
HTTP/HTTPS traffic and TCP/IP forwarder for another traffic.<br>
<br>
As I said, more correct configuration will be:<br>
<br>
Internet <-----> Router <-----> Transparent Squid box as
gateway <-------> devices.<br>
<br>
This configuration works, I use it on my testing environment.<br>
<br>
<div class="moz-cite-prefix">14.07.15 2:34, John Pearson пишет:<br>
</div>
<blockquote
cite="mid:CAKNtY_xjqZr=jMfJD3FAv9VEHkgzYOqt_3MzSSS3+mQzLjLyGw@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8000001907349px">Thanks
Yuri for the response, I understand. I do have Shorewall
configured and I understand the security implications. My
Router is also the Wireless AP, so I want to try out this
setup without having to buy another Wireless AP. </span>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">I don't mind it being
complex, do you have any suggestions on getting Internet
<---> Squid <---> Router (NAT) working ?</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">Thanks!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jul 13, 2015 at 1:33 PM, John
Pearson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:johnpearson555@gmail.com" target="_blank">johnpearson555@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Thanks Yuri for the response, I understand. I
do have Shorewall configured and I understand the security
implications. My Router is also the Wireless AP, so I want
to try out this setup without having to buy another
Wireless AP.
<div><br>
</div>
<div>I don't mind it being complex, do you have any
suggestions on getting Internet <---> Squid
<---> Router (NAT) working ?</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jul 13, 2015 at 1:26
PM, Yuri Voinov <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:yvoinov@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span> <br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
</span> Ah,<br>
<br>
forgot about:<br>
<br>
Your squid in scheme I wrote will have static
gray IP. And this IP must be excluded from DHCP
pool on router.<span><br>
<br>
14.07.15 2:15, John Pearson пишет:<br>
</span><span style="white-space:pre-wrap"><div><div>> Hi Everyone,
>
> My setup is: Internet <--> Squid-eth0 <-->
Squid-eth1 <--> Router <-->
> Devices
>
> Currently the Router is doing NAT and DHCP for the devices
connected to it.
> Squid is in transparent mode. I set up a bridge ( br0). I set
up the
> ebtables and iptables. It works but I want to figure out a
way without
> having to configure Squid server or Router with hardcoded
addresses.
>
> I have it working with either setup:
> 1. Remove the bridge ( br0) and setup the Squid server eth1
as a static IP
> address and set Squid server IP address as gateway in Router
settings.
> 2. Since Squid server is in bridge mode, I can hard code IP
address in a
> Squid ACL as all traffic appears to come this IP address from
the router.
>
> I want a way to do this without any setup, basically to take
a Squid box
> and place it before a Router. Is there a way to do this ?
>
> A few ideas that might be wrong:
> 1. In bridge mode, http_access allow CURRENTIPADDRESS (
CURRENTIPADDRESS
> is the dynamic IP address provided the ISP ) Is there a way
to obtain this
> in the squid.conf file ?
> 2. Setup a DHCP server alongside Squid server and have
Squid(DHCP) <-->
> Router(DHCP, NAT) and have same dhcp address given to the
Router in
> squid.conf as http_access allow localnet
>
> Thanks in advance!
>
>
>
</div></div><span>
> _______________________________________________
> squid-users mailing list
> <a moz-do-not-send="true" href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>
> <a moz-do-not-send="true" href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a></span></span><span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
</span>
iQEbBAEBCAAGBQJVpB7aAAoJENNXIZxhPexGJcgH+IcaMqoEwlcRYFNCWqKT/Msc
<br>
I6aMD/82Uw5ow/HayX/GrxCHTzYjdCzXDXJTP9cAnHZaMnvOPxtCGuVocEHNEiOa
<br>
sDsZC9P074hoANDEAYXycWF73auCxYg4jcg8dRtbZwVEazwYsMVN6ye5a3i9EaZM
<br>
/DotQ78htLNRJrLhoCO9yQBtJObcUs+eyOie4oxk4YWSfQMcjZOXen7U8K8KGQuH
<br>
cOBcodLJv/eP1T+CcEe3ATr8Szo+zQ648jG27pdy7XuPecek7sWllRnyq93fpkID
<br>
FnvOr21R3gLBBdStYty43PKQ/4Z3d4vp56aYEweKBsGJV9kVC2QMjDXLOzrbug==
<br>
=1pgP
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</div>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:squid-users@lists.squid-cache.org"
target="_blank">squid-users@lists.squid-cache.org</a><br>
<a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>