Thanks Yuri for the response, I understand. I do have Shorewall configured and I understand the security implications. My Router is also the Wireless AP, so I want to try out this setup without having to buy another Wireless AP.
I don't mind it being complex, do you have any suggestions on getting Internet <---> Squid <---> Router (NAT) working ? Thanks! On Mon, Jul 13, 2015 at 1:33 PM, John Pearson <johnpearson...@gmail.com> wrote: > Thanks Yuri for the response, I understand. I do have Shorewall configured > and I understand the security implications. My Router is also the Wireless > AP, so I want to try out this setup without having to buy another Wireless > AP. > > I don't mind it being complex, do you have any suggestions on getting > Internet <---> Squid <---> Router (NAT) working ? > > Thanks! > > On Mon, Jul 13, 2015 at 1:26 PM, Yuri Voinov <yvoi...@gmail.com> wrote: > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Ah, >> >> forgot about: >> >> Your squid in scheme I wrote will have static gray IP. And this IP must >> be excluded from DHCP pool on router. >> >> 14.07.15 2:15, John Pearson пишет: >> > Hi Everyone, >> > >> > My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router <--> >> > Devices >> > >> > Currently the Router is doing NAT and DHCP for the devices connected to >> it. >> > Squid is in transparent mode. I set up a bridge ( br0). I set up the >> > ebtables and iptables. It works but I want to figure out a way without >> > having to configure Squid server or Router with hardcoded addresses. >> > >> > I have it working with either setup: >> > 1. Remove the bridge ( br0) and setup the Squid server eth1 as a static >> IP >> > address and set Squid server IP address as gateway in Router settings. >> > 2. Since Squid server is in bridge mode, I can hard code IP address in a >> > Squid ACL as all traffic appears to come this IP address from the >> router. >> > >> > I want a way to do this without any setup, basically to take a Squid box >> > and place it before a Router. Is there a way to do this ? >> > >> > A few ideas that might be wrong: >> > 1. In bridge mode, http_access allow CURRENTIPADDRESS ( >> CURRENTIPADDRESS >> > is the dynamic IP address provided the ISP ) Is there a way to obtain >> this >> > in the squid.conf file ? >> > 2. Setup a DHCP server alongside Squid server and have Squid(DHCP) <--> >> > Router(DHCP, NAT) and have same dhcp address given to the Router in >> > squid.conf as http_access allow localnet >> > >> > Thanks in advance! >> > >> > >> > >> > _______________________________________________ >> > squid-users mailing list >> > squid-users@lists.squid-cache.org >> > http://lists.squid-cache.org/listinfo/squid-users >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2 >> >> iQEbBAEBCAAGBQJVpB7aAAoJENNXIZxhPexGJcgH+IcaMqoEwlcRYFNCWqKT/Msc >> I6aMD/82Uw5ow/HayX/GrxCHTzYjdCzXDXJTP9cAnHZaMnvOPxtCGuVocEHNEiOa >> sDsZC9P074hoANDEAYXycWF73auCxYg4jcg8dRtbZwVEazwYsMVN6ye5a3i9EaZM >> /DotQ78htLNRJrLhoCO9yQBtJObcUs+eyOie4oxk4YWSfQMcjZOXen7U8K8KGQuH >> cOBcodLJv/eP1T+CcEe3ATr8Szo+zQ648jG27pdy7XuPecek7sWllRnyq93fpkID >> FnvOr21R3gLBBdStYty43PKQ/4Z3d4vp56aYEweKBsGJV9kVC2QMjDXLOzrbug== >> =1pgP >> -----END PGP SIGNATURE----- >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
