Re: [squid-users] Problems forcing mandatory proxy use.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Jan 2009 15:44:36 +1300

Richard Chapman wrote:
> Thanks Matthew
>
> The network has evolved from NAT without squid to NAT+squid - so I
> hadn't thought about eliminating NAT altogether. Do you have much
> experience with "squid only" networks? Will squid handle all the "other
> stuff" well, e.g. IM, BitTorrent, etc.? Indeed - can these applications be
> persuaded to direct traffic through the proxy anyway? Are there any
> other considerations before turning off NAT?

Squid itself won't. But the box underneath it will have firewall and
routing control you can use (assuming it's a non-Windows box).

Amos

>
> Thanks again
>
> Richard.
>
>
>
> matthew jones wrote:
>> Is there any need to use NAT? You could simply forward all data to the
>> squid by setting its IP address as the DMZ server in the WAN setup
>> page, which would send all incoming DSL data to the IP address.
>>
>> If it's a tight network you're after you should think about having the
>> squid dual homed, one connecting to the router/firewall and the other
>> to your network, thus forcing all data to pass through the proxy. Also
>> the proxy may be proxying data on more ports than 80 such as https on
>> port 4** etc.
>>
>> I have a DG834G too but haven't tried the above as I use NAT and not a
>> proxy at home.
>>
>> matt.
>>
>> Richard Chapman wrote:
>>> I have squid operating well on a small NAT network. Currently - all
>>> clients select "automatic proxy detection" and that is all working
>>> correctly with proxy.pac script on the http server.
>>> I wanted to ensure that the proxy is handling ALL http traffic ALL of
>>> the time - so I can be confident of the statistics generated by sarg
>>> (squid analysis and report generator).
>>>
>>> I thought this should be easy. I have a netgear DG834G router acting
>>> as the internet DSL connection. I added 2 outgoing firewall rules in
>>> the DG834G:
>>> 1) allow all going traffic from the squid server's local IP.
>>> 2) Block port 80 traffic from all (other) local ip addresses.
>>>
>>> When I apply these 2 rules - the network experiences erratic internet
>>> access. Some sites work some of the time - but not everything works
>>> correctly. I have tried disabling the above rules - then enabling
>>> just rule 1 - and even then the network behaves erratically. Note
>>> that rule 1 is an "allow" rule. But as soon as I disable both rules -
>>> everything returns to normal.
>>>
>>> This seems very weird to me. Can anyone suggest some subtlety I am
>>> overlooking?
>>> I have checked the netgear knowledge base and there are no glaring
>>> bugs reported related to this behaviour. I have updated to the latest
>>> netgear firmware. I can only assume the DG834 is not behaving as
>>> expected. Can anyone see another explanation?
>>>
>>> In case it is relevant - the linux box is performing squid, dns,
>>> dhcp, http and lots of other stuff but the dg834 is performing NAT
>>> (and only NAT).
>>>
>>> Thanks
>>>
>>> Richard.
>>>
>>>
>>>
>>>
>>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3
Received on Wed Jan 14 2009 - 02:46:08 MST
