<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
<br>
<br>
24.04.16 1:26, Tom пишет:<br>
<span style="white-space: pre;">> Sorry for not being more
clearer on my first post. So I have a VMware environment running
mostly CentOS 6 and multiple port groups:<br>
><br>
> Each port group it its own network segment. Please see
below:<br>
><br>
> 192.168.1.0/24 <a class="moz-txt-link-rfc2396E" href="http://192.168.1.0/24"><http://192.168.1.0/24></a><br>
> GW 192.168.1.1<br>
> proxy=192.168.1.2<br>
> CentOS servers in this network 192.168.1.0/24
<a class="moz-txt-link-rfc2396E" href="http://192.168.1.0/24"><http://192.168.1.0/24></a><br>
><br>
> 192.168.2.0/24 <a class="moz-txt-link-rfc2396E" href="http://192.168.2.0/24"><http://192.168.2.0/24></a><br>
> GW 192.168.2.1<br>
> proxy=192.168.2.2<br>
> CentOS servers in this network 192.168.2.0/24
<a class="moz-txt-link-rfc2396E" href="http://192.168.2.0/24"><http://192.168.2.0/24></a><br>
><br>
> 192.168.3.0/24 <a class="moz-txt-link-rfc2396E" href="http://192.168.3.0/24"><http://192.168.3.0/24></a><br>
> GW 192.168.3.1<br>
> proxy=192.168.3.2<br>
> CentOS servers in this network 192.168.3.0/24
<a class="moz-txt-link-rfc2396E" href="http://192.168.3.0/24"><http://192.168.3.0/24></a><br>
><br>
> Now I planned to install/configure a Squid proxy server (one
NIC) in each network and all clients will be going through it.
Now these are CentOS 6 servers, not workstations. I need all
servers in each network segment to go through the proxy so traffic
can be monitored for each network. Now would a transparent proxy
help?? Hope this make sense.</span><br>
<br>
Using a transparent proxy depends on whether it is possible to
configure clients to use a proxy or not.<br>
<br>
In most cases, no one here recommends the use of a transparent
proxy, because there are a number of restrictions and high technical
expertise for quality implementation. Also the most fundamental
restriction (but I don't think so) is only possible to proxying
HTTP/HTTPS.<br>
<br>
<span style="white-space: pre;">><br>
> On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov
<<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><mailto:yvoinov@gmail.com></a>> wrote:<br>
><br>
><br>
> I've based on op's diagram. We are know nothing about what he
want.<br>
> Thelepaty on Bali on vacation.<br>
><br>
><br>
> 23.04.16 23:46, Antony Stone пишет:<br>
> > On Saturday 23 April 2016 at 19:12:56, Yuri Voinov
wrote:<br>
><br>
> >> <a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/ConfigExamples/Intercept">http://wiki.squid-cache.org/ConfigExamples/Intercept</a><br>
><br>
> > Surely there's no reason to have to set up intercept
mode (unless the<br>
> OP can't<br>
> > configure the applications to use an explicit proxy)?<br>
><br>
> > I'm assuming the gateway 192.168.1.1 does outbound NAT
to the Internet<br>
> > (otherwise nothing would work), so all that's needed is
to set up<br>
> Squid on<br>
> > 192.168.1.2 to allow access from 192.168.1.0/24
<a class="moz-txt-link-rfc2396E" href="http://192.168.1.0/24"><http://192.168.1.0/24></a>, with a default<br>
> gateway of<br>
> > 192.168.1.1, and then configure each of the 192.168.1.x
client<br>
> machines to use<br>
> > 192.168.1.2:3128 <a class="moz-txt-link-rfc2396E" href="http://192.168.1.2:3128"><http://192.168.1.2:3128></a> as
their proxy server?<br>
><br>
> >> 23.04.16 23:08, Tom Ku пишет:<br>
> >>> Hi All,<br>
> >>><br>
> >>> I know this question has been beaten to death
but I can't seem to find<br>
> >>> any answers via google. So i'm trying to set up
a Squid proxy for my<br>
> >>> VMware infrastructure. I have multiple port
groups networks and I plan<br>
> >>> to put a Squid server in each port group to
monitor network/internet<br>
> >>> traffic. So I would like my setup like this:<br>
> >>><br>
> >>> 192.168.1.1 - Gateway<br>
> >>> ^<br>
> >>> l<br>
> >>> l<br>
> >>> l<br>
> >>> Squid Proxy - 192.168.1.2)<br>
> >>> ^<br>
> >>> l<br>
> >>> l<br>
> >>> l<br>
> >>> VMs (clients - 192.168.1.x/24)<br>
> >>><br>
> >>> Now i can only have 1 NIC on the Squid server.
I've read that<br>
> >>> iptables will probably have to be configured.
Any help would be<br>
> >>> appreciated.<br>
><br>
> > I think one important thing you have missed out is why
you need to use<br>
> Squid<br>
> > at all in such a setup? What are you trying to achieve
by<br>
> implementing it,<br>
> > instead of just giving all clients direct access to the
Internet?<br>
><br>
><br>
><br>
> > Antony.<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXG809AAoJENNXIZxhPexG18cH/3AXP3mwu/lAmNdTru8rbPT1
<br>
iStds/GKw9BOTebKRMtdkOB9F5kBqYSVugksXwAKbOjrisMC0d69iA9ovocUvQiY
<br>
DpsaZHybtwZYnSc8TO+hKgI5U4DGYFsBIYudDPyRlLIj6iluCRziHjetyQ2iMHru
<br>
d9KNZiQGMMBTwjPyI+YDP4IVYuE8BGyEzlYSib4vAYb1nQAsMyX0tElrfvzmZB4h
<br>
DaeKbJlyK7HdsaSZMFR+hz3CNW0uHzsTxchrW6lXPBkFsU25tcwuRhE1Rfh2i0UQ
<br>
MqHUIzwTqNIvmIFbKkbQeLXbIPFUDNWtAeOBKy/XkKCiIZJJ0fm42g/5oFwaIas=
<br>
=bfyf
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>