[COLUG] ipkungfu/squid problems
Brian Miller
bnmille at gmail.com
Tue Mar 4 20:45:42 EST 2008
On Tue, 2008-03-04 at 11:41 -0500, Robert Grimm wrote:
> I don't have access to it right now to look at netstat, but I thought
> the interfaces being on the same subnet might have something to do
> with the problem. I'm replacing a FreeBSD server that ran Squid as a
> transparent proxy using only one interface. I wanted to do that, but
> everything I found on the subject for Linux said I needed a second
> interface. Can it be done with one interface? That would be much
> easier to integrate into the network in terms of addressing and cabling.
>
I can't certify that this will work (since I've never tried it), but all
of your workstations need to use the IP address of eth1 as their default
gateway. Then you will need to set up a static route to use eth1 for
all traffic to the 192.168.xx.xx, with the exception of the real default
gateway for the subnet. All traffic that needs the default gateway will
need to be configured to use eth0 going to the real gateway for the
subnet.

If everyone is on one subnet, that implies you have another firewall
someplace. I'd get rid of the firewall on the squid server, other than
any rules necessary to redirect traffic from port 80 to the 3128 port
that squid listens on.

On the other hand, if you configure your clients to use a proxy server,
you may be able to just use a single interface on squid.

Another option is to use 2 subnets on one switch. You should be able to
configure eth0 and the subnet's real default gateway to use a different
IP range from the rest of the clients. Then your clients would not have
to be configured to use a proxy server, just configure their default
gateway to the IP of eth1. This wouldn't require rewiring the network,
just a creative use of IP addresses.
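
The port 80 to 3128 redirect mentioned in the reply above, as an added example that is not part of the original post: a script that prints, without applying, the minimal iptables rules for the transparent setup. The function names, the sample subnet and the extra rule that drops direct connections to the Squid port are assumptions of this example; `eth1` and port 3128 are taken from the post.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for a Squid box that only
# redirects LAN HTTP to its own proxy port. Squid side assumed to be
# "http_port 3128 transparent" (Squid 2.6; later releases use "intercept").

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# squid_redirect_rules LAN_IF LAN_CIDR SQUID_PORT
# Emits one command per line so the result can be reviewed before running as root.
squid_redirect_rules() {
    lan_if=$1; lan_cidr=$2; squid_port=$3

    # Reject input that could smuggle shell syntax into the emitted commands.
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 2 ;;
    esac
    case "$lan_cidr" in
        ''|*[!0-9./]*) echo "bad subnet: $lan_cidr" >&2; return 2 ;;
    esac
    valid_port "$squid_port" || { echo "bad port: $squid_port" >&2; return 2; }

    # The box is the clients' default gateway, so it must forward non-HTTP traffic.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # Transparent setup only: drop connections aimed straight at the proxy port.
    # mangle PREROUTING runs before nat PREROUTING, so redirected traffic
    # (still addressed to port 80 at that point) is not affected.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $squid_port -j DROP"

    # Redirect HTTP arriving from LAN clients to the local Squid port.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan_cidr -p tcp --dport 80 -j REDIRECT --to-ports $squid_port"
}

# Constructed sample values: eth1 as the client-facing interface, a generic
# private range standing in for the real subnet.
squid_redirect_rules eth1 192.168.0.0/16 3128
```

If clients are instead configured to use the proxy explicitly, as the reply also suggests, the drop rule must be left out because those clients connect to the Squid port directly.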