On 21 Aug 2001 10:55:03 -0500, Pons, Eric wrote:
> I have just installed Squid on a Slackware Linux 8.0 box running kernel
> 2.2.19
> I have two NIC's in it. One using address 192.168.1.4 and 192.168.1.14
> The problem has been the netscreen placed between the internet and the
> internal network. My boss wants the Squid to be behind the netscreen. Some
> users on the local net are unauthorized to access certain web pages, and
> other are allowed full access. The way I had it figured is that I would have
> the netscreen to allow full access to the Squid address 192.168.1.14 and
> allow only limited access to Squid access 192.168.1.4
It is much easier to just allow squid - say 192.168.1.4 full access, and
then administer your access control via squid.conf. This will remove the
need for separate proxy address's/ports, etc.
> I would then bind port 8080 to 192.168.1.4 and port 3128 to 192.168.1.14
If you want to do that you need the syntax
http_port 1.2.3.4:8080
> I would then modify my routing table so that any incoming connections on
> address 192.168.1.14 would route from that address to the gateway
> and any incoming connections on address 192.168.1.4 would route through the
> same gateway.
That routing table will not affect the squid connections. Squid has two
connections for each request - one to the browser, one to the server.
> I would setup proxy access on the full access machine to 192.168.1.14 port
> 3128 and the unauthorized to go via 192.168.1.4 port 8080
> Is this possible?
Yes, with the my_port acl and parent caches. Not easy, and not the most
effective way.
How else can I do it?
See my first comment.
Rob
Received on Tue Aug 21 2001 - 19:34:35 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:53 MST