[squid-users] Transparent proxy before NAT

Yuri Voinov yvoinov at gmail.com
Mon Jul 13 20:21:28 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Too complex setup for simple task.

You can simple re-connect squid box before router and configure it as
gateway for devices. And setup NAT redirection directly onto squid box.

Something like this:

Internet <-----> Router + DHCP + NAT <------> Squid box + NAT
redirection <----------> Devices

Router will use NAT from white IP to internal IP's. Squid box will use
port redirection and will configure like forwarding IP box.

That's it.

14.07.15 2:15, John Pearson пишет:
> Hi Everyone,
>
> My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router <-->
> Devices
>
> Currently the Router is doing NAT and DHCP for the devices connected
to it.
> Squid is in transparent mode. I set up a bridge ( br0). I set up the
> ebtables and iptables. It works but I want to figure out a way without
> having to configure Squid server or Router with hardcoded addresses.
>
> I have it working with either setup:
> 1. Remove the bridge ( br0) and setup the Squid server eth1 as a static IP
> address and set Squid server IP address as gateway in Router settings.
> 2. Since Squid server is in bridge mode, I can hard code IP address in a
> Squid ACL as all traffic appears to come this IP address from the router.
>
> I want a way to do this without any setup, basically to take a Squid box
> and place it before a Router. Is there a way to do this ?
>
> A few ideas that might be wrong:
> 1. In bridge mode, http_access allow CURRENTIPADDRESS  ( CURRENTIPADDRESS
> is the dynamic IP address provided the ISP ) Is there a way to obtain this
> in the squid.conf file ?
> 2. Setup a DHCP server alongside Squid server and have Squid(DHCP) <-->
> Router(DHCP, NAT) and have same dhcp address given to the Router in
> squid.conf as http_access allow localnet
>
> Thanks in advance!
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJVpB3IAAoJENNXIZxhPexGjJYH/R0ESKEeEzla/v/sceiPBmds
r9//Nif+sGgeD8rRzVdNOYwv2tR5OpSjRr4j8F2QQYg4wO+myEUL2V6a8ATsOcOa
WM6xNiK34fbzT48mOTwRB2tsbURdxWxl1HB+7RnjSw596i5Jb/c24AlSburUKFMI
iTBppm/9ROT8lDAUAWUUx1W0SLUvylvZp4wNdA5QAY0F7uLO1X8uFXMbJXRarTYy
9lahI4dOO4SakHtsHpIoIT0uu1GGWzWHhN4c1lsER5/wX+oukpe9hRMgPYqeKJox
M/wIn7EdX2DpnBt9bLZGgkcTtKDAE0j8yfFvB3/at81zvQq8MsJSh24Hq6e4I/I=
=UG9i
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150714/c0fb7deb/attachment-0001.html>


More information about the squid-users mailing list