Yan Seiner wrote:
> I have a question about setting up squid in my environment.
>
> My network is fairly generic:
>
> a firewall running openwrt, 4 mb flash and 8 mb ram, providing NAT
> a server providing DNS and DHCP services; this machine is also used for
> terminal services so users are logged in to this machine directly
> assorted clients
>
> I've had squid set up on a 'opt-in' basis. Now I have a request to make
> it transparent for all users with the intent of disabling web access
> during specified hours.
>
> The problem I have is that my firewall is not able to run squid, and all
> the examples assume that the squid box is either the firewall or
> provides NAT.
>
> Is it possible, without a huge amount of complications, to run squid on
> this sort of setup?
>
> If so, does anyone have a recipe for doing so?
>
Squid box had best be the one doing NAT because all source info is lost
during NAT interception and Squid needs to look it up. Note I wrote "NAT
interception", thats a more correct name for "transparent".
Squid does not have to be on the firewall or router to do NAT though:
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
the tutorial ironically was written for people using OpenWRT :)
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1Received on Fri May 29 2009 - 13:02:06 MDT
This archive was generated by hypermail 2.2.0 : Sat May 30 2009 - 12:00:02 MDT