cyberskydive

proxy server (squid) --hheeellp

So we have all these computers in the house now and being the opportunist I decided to set up a proxy server instead of us having to pay for more ip's -lol

so I chose SQUID

problem is, no matter what I put in the acl's , running ' squid -N -d 1 ' says that it's accepting http requests at 0.0.0.0 instead of the http_accept 192.168.0.0/255.255.255.0 i specified.

i explicitly denied access to all (0.0.0.0/0.0.0.0)

i can ping hosts and they can ping me-lol, browsers setup right as far as I know..............anyone have experience with this?
-System.Windows.IUnknown.Crash.Reboot.Crash.Reboot.Freeze.Crash.Reboot.Break.Stuff.dot...

Hmmm nope, sorry. What I do have experience with is NAT (Network Address Translation, funneling all internal IP's to one IP address on the external interface) which is what it sounds like you are trying to accomplish.
I've looked at squid as a caching proxy to help speed up web page loads but was unaware that it did NAT too..
How important is it to get Squid working? Or would you look at other alternatives to accomplish what you are trying to do?
what OS are you running as the gateway server? I'd be glad to help, just ask away...
I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochieTTK#1

SQUID doesn't do NAT, it is just a normal HTTP proxy. Which, I guess, is limited NAT on only one port (but not really). You get the advantages of a caching proxy, plus it is easier to set up things like site filtering, limiting unrestricted browsing to certain times or computers, user activity logging, etc. A NAT gateway wouldn't be able to do those things, although you can set up NAT to do some dirty tricks like funnelling all port 80 (HTTP) traffic through a transparent proxy so that users can't just change their browser settings to get unrestricted/unlogged browsing.

Quote

although you can set up NAT to do some dirty tricks like funnelling all port 80 (HTTP) traffic through a transparent proxy so that users can't just change their browser settings to get unrestricted/unlogged browsing.



Not dirty tricks actually, that's how most proxies are setup, with NAT redirecting all port 80 traffic to the proxy server. What confuses me is if and how Squid is listening on the internal port and translating it to the external IP and interface. You can't use a private subnet(RFC1918, 192.168.0.0) and route it to the outside world (well you can, but a properly configured firewall will ignore it) which is what it looks as if he is trying to do.

Either way, here's some good info about squid ACLs from the authors.
I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochieTTK#1

You can put the proxy on a computer with two interfaces, one upstream with a routable IP address, and one on the internal addresses. Although, in this case, NAT makes far more sense to me than a proxy unless caching to conserve bandwidth is a concern.
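
Added example (not posted by anyone in this thread, and not Squid's own code): in Squid the address shown in the startup "accepting HTTP" message comes from the `http_port` listening socket, while `acl` and `http_access` lines only decide which clients are served once connected. The sketch below models both for a constructed squid.conf fragment; the internal address 192.168.0.1 and the ACL name `lan` are assumptions, and only `src` ACLs in address/mask form are handled.

```python
import ipaddress

# Constructed squid.conf fragment for illustration (not the poster's file).
# With a bare port, Squid binds every interface and logs 0.0.0.0 at startup.
SAMPLE_CONF = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.0.0/255.255.255.0
http_access allow lan
http_access deny all
"""
# Same rules, but the listener is pinned to a hypothetical internal address.
BOUND_CONF = SAMPLE_CONF.replace("http_port 3128", "http_port 192.168.0.1:3128")

def parse(conf):
    """Return (listen sockets, src ACLs by name, ordered http_access rules)."""
    listen, acls, rules = [], {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port":
            host, _, port = tok[1].rpartition(":")
            listen.append((host or "0.0.0.0", int(port)))
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return listen, acls, rules

def matches(ip, name, acls):
    """True if ip is in the named src ACL; a leading '!' negates it."""
    hit = any(ip in net for net in acls.get(name.lstrip("!"), []))
    return hit != name.startswith("!")

def allowed(client, conf):
    """First http_access line whose ACLs all match decides the request."""
    _, acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        if all(matches(ip, n, acls) for n in names):
            return action == "allow"
    # No line matched: Squid applies the opposite of the last rule's action.
    return bool(rules) and rules[-1][0] == "deny"

if __name__ == "__main__":
    for conf in (SAMPLE_CONF, BOUND_CONF):
        print(parse(conf)[0], allowed("192.168.0.42", conf), allowed("203.0.113.9", conf))
```

Both fragments give the same allow/deny results for the two sample clients; only the listening address differs, which is the part the startup message reports.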
