[squid-users] Using Squid with 1 NIC
Yuri Voinov
yvoinov at gmail.com
Sat Apr 23 19:30:05 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
24.04.16 1:26, Tom пишет:
> Sorry for not being more clearer on my first post. So I have a VMware environment running mostly
CentOS 6 and multiple port groups:
>
> Each port group it its own network segment. Please see below:
>
> 192.168.1.0/24 <http://192.168.1.0/24>
> GW 192.168.1.1
> proxy=192.168.1.2
> CentOS servers in this network 192.168.1.0/24 <http://192.168.1.0/24>
>
> 192.168.2.0/24 <http://192.168.2.0/24>
> GW 192.168.2.1
> proxy=192.168.2.2
> CentOS servers in this network 192.168.2.0/24 <http://192.168.2.0/24>
>
> 192.168.3.0/24 <http://192.168.3.0/24>
> GW 192.168.3.1
> proxy=192.168.3.2
> CentOS servers in this network 192.168.3.0/24 <http://192.168.3.0/24>
>
> Now I planned to install/configure a Squid proxy server (one NIC) in
each network and all clients will be going through it. Now these are
CentOS 6 servers, not workstations. I need all servers in each network
segment to go through the proxy so traffic can be monitored for each
network. Now would a transparent proxy help?? Hope this make sense.
Using a transparent proxy depends on whether it is possible to configure
clients to use a proxy or not.
In most cases, no one here recommends the use of a transparent proxy,
because there are a number of restrictions and high technical expertise
for quality implementation. Also the most fundamental restriction (but I
don't think so) is only possible to proxying HTTP/HTTPS.
>
> On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> I've based on op's diagram. We are know nothing about what he want.
> Thelepaty on Bali on vacation.
>
>
> 23.04.16 23:46, Antony Stone пишет:
> > On Saturday 23 April 2016 at 19:12:56, Yuri Voinov wrote:
>
> >> http://wiki.squid-cache.org/ConfigExamples/Intercept
>
> > Surely there's no reason to have to set up intercept mode (unless the
> OP can't
> > configure the applications to use an explicit proxy)?
>
> > I'm assuming the gateway 192.168.1.1 does outbound NAT to the Internet
> > (otherwise nothing would work), so all that's needed is to set up
> Squid on
> > 192.168.1.2 to allow access from 192.168.1.0/24
<http://192.168.1.0/24>, with a default
> gateway of
> > 192.168.1.1, and then configure each of the 192.168.1.x client
> machines to use
> > 192.168.1.2:3128 <http://192.168.1.2:3128> as their proxy server?
>
> >> 23.04.16 23:08, Tom Ku пишет:
> >>> Hi All,
> >>>
> >>> I know this question has been beaten to death but I can't seem to find
> >>> any answers via google. So i'm trying to set up a Squid proxy for my
> >>> VMware infrastructure. I have multiple port groups networks and I
plan
> >>> to put a Squid server in each port group to monitor network/internet
> >>> traffic. So I would like my setup like this:
> >>>
> >>> 192.168.1.1 - Gateway
> >>> ^
> >>> l
> >>> l
> >>> l
> >>> Squid Proxy - 192.168.1.2)
> >>> ^
> >>> l
> >>> l
> >>> l
> >>> VMs (clients - 192.168.1.x/24)
> >>>
> >>> Now i can only have 1 NIC on the Squid server. I've read that
> >>> iptables will probably have to be configured. Any help would be
> >>> appreciated.
>
> > I think one important thing you have missed out is why you need to use
> Squid
> > at all in such a setup? What are you trying to achieve by
> implementing it,
> > instead of just giving all clients direct access to the Internet?
>
>
>
> > Antony.
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXG809AAoJENNXIZxhPexG18cH/3AXP3mwu/lAmNdTru8rbPT1
iStds/GKw9BOTebKRMtdkOB9F5kBqYSVugksXwAKbOjrisMC0d69iA9ovocUvQiY
DpsaZHybtwZYnSc8TO+hKgI5U4DGYFsBIYudDPyRlLIj6iluCRziHjetyQ2iMHru
d9KNZiQGMMBTwjPyI+YDP4IVYuE8BGyEzlYSib4vAYb1nQAsMyX0tElrfvzmZB4h
DaeKbJlyK7HdsaSZMFR+hz3CNW0uHzsTxchrW6lXPBkFsU25tcwuRhE1Rfh2i0UQ
MqHUIzwTqNIvmIFbKkbQeLXbIPFUDNWtAeOBKy/XkKCiIZJJ0fm42g/5oFwaIas=
=bfyf
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160424/a45d09e2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160424/a45d09e2/attachment-0001.key>
More information about the squid-users
mailing list