Re: [squid-users] bypass squid for second address range

From: Kinkie <kinkie-squid@dont-contact.us>
Date: Sat, 29 Jan 2005 10:06:09 +0100

On Mon, 2005-01-24 at 17:44 +1300, greylake wrote:
> hello
>
> lan_one|-------------|gateway|---------|lan_two
> | |
> squidbox |
> (member of lan_one) |
> |
> (world)
>

>
> question 1.
>
> at the moment traffic from BOTH lans seems to be prerouted to the squid
> box
> but i want lan_two traffic to bypass the squidbox and go direct ( for
> now...)
>
> i'm sure its iptables syntax but i cant seem to get it to work
> any advice or examples greatly appreciated
>

[...]
Sorry, I'm a bit confused. Are you using a transparent proxy here?
It would seem so, but if so there's unnecessary cruft in the tables, and
also the network diagram seems a bit odd (a lollypop will effectively
halve the bandwidth available to the clients). If not, the tables are
useless, and you should put that kind of logic in a proxy
autoconfiguration script (pac-file).
What is the default gateway for the clients?

> ---------------------------------------------------------------------------------
>
>
>
>
>
> question 2.
>
> if both lans do use the cache ( with a tighter iptables in place ) is it
> possible to cache but not log lan_two traffic ?

Not with squid 2.5, and 3.0 is not ready.
Also with this network design, it's not possible to have lan_two clients
use squid as a transparent proxy.

        Kinkie
Received on Sat Jan 29 2005 - 02:01:25 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:36 MST