[squid-users] Re: Squid + DansGuardian + Bridging

From: psd17j-jacob <jacob.roebauer_at_gmail.com>
Date: Thu, 19 Sep 2013 20:55:47 -0700 (PDT)

>Where is this bridge sitting in the network level?
>please share your situation in more details.
Sure! So we have the NOC MDF > proxy (in through eth0) //bridge (out eth1) > router > ComCast.

Amos Jeffries-2 wrote
> The proxy operates on top of the *routing* component of the kernel. As
> you can note from the ebtables rules you have to bump the traffic out of
> the bridge into routing systems for iptables rules to send to the proxy.
> You may as well setup the box as a normal router (with VLAN routing) if
> that is easier than to implement the bridging. With the correct ebtables
> rules shifting traffic to routing the presence or absence of bridging
> should be irrelevant to the proxy operation.
>
> Another thing adding complexity is your usage of DansGuardian. It is a
> basic filtering proxy, not a fully-featured proxy like Squid. So things
> like the iptables MARK and QoS TOS/DSCP values are not even passed
> through it for Squid to make use of. This is simpler to fix since Squid
> can do anything DG can (just differently) you can drop the DG component
> entirely and just use Squid access controls.
>
> Amos

Hi Amos,

Thanks for your reply. I appreciate it. Basically I was simply following a
few guides I had found online on how to set this up. My understanding was
that you had to use vLAN tagging (the IP of br0 and br0.9 are on vLAN 9) but
from what you are saying, I gather we can just use br0?

The usage of DG was simply what was addressed in the guides I followed, and
it seemed like a simple enough interface (via webmin) for the person who
administers the deny/allow lists to access (he's 73 years old). If you have
other suggestions please do let me know.

Are there any obvious flaws you see with the way things are routed and
brouted? Am I missing something?

-Jacob

Received on Fri Sep 20 2013 - 03:56:29 MDT
