[squid-users] Transparent proxy before NAT

John Pearson johnpearson555 at gmail.com
Mon Jul 13 20:34:35 UTC 2015


Thanks Yuri for the response, I understand. I do have Shorewall configured
and I understand the security implications. My Router is also the Wireless
AP, so I want to try out this setup without having to buy another Wireless
AP.

I don't mind it being complex, do you have any suggestions on getting
Internet <---> Squid <---> Router (NAT) working ?

Thanks!

> On Mon, Jul 13, 2015 at 1:26 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
>>
>> Ah,
>>
>> forgot about:
>>
>> Your Squid in the scheme I wrote will have a static gray IP. And this IP
>> must be excluded from the DHCP pool on the router.
>>
>> 14.07.15 2:15, John Pearson wrote:
>> > Hi Everyone,
>> >
>> > My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router <-->
>> > Devices
>> >
>> > Currently the Router is doing NAT and DHCP for the devices connected to
>> > it. Squid is in transparent mode. I set up a bridge (br0). I set up the
>> > ebtables and iptables. It works but I want to figure out a way without
>> > having to configure Squid server or Router with hardcoded addresses.
>> >
>> > I have it working with either setup:
>> > 1. Remove the bridge (br0) and set up the Squid server eth1 as a static
>> > IP address and set Squid server IP address as gateway in Router settings.
>> > 2. Since Squid server is in bridge mode, I can hard code IP address in a
>> > Squid ACL as all traffic appears to come from this IP address from the
>> > router.
>> >
>> > I want a way to do this without any setup, basically to take a Squid box
>> > and place it before a Router. Is there a way to do this?
>> >
>> > A few ideas that might be wrong:
>> > 1. In bridge mode, http_access allow CURRENTIPADDRESS (CURRENTIPADDRESS
>> > is the dynamic IP address provided by the ISP). Is there a way to obtain
>> > this in the squid.conf file?
>> > 2. Set up a DHCP server alongside Squid server and have Squid(DHCP) <-->
>> > Router(DHCP, NAT) and have same dhcp address given to the Router in
>> > squid.conf as http_access allow localnet
>> >
>> > Thanks in advance!
>> >
>> >
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users