[COLUG] ipkungfu/squid problems
Brian Miller
bnmille at gmail.com
Fri Mar 7 22:09:17 EST 2008
On Wed, 2008-03-05 at 12:52 -0500, Robert Grimm wrote:
> Here is a little more information on my network configuration. I may
> repeat myself here a bit. There is a Cisco router at 192.168.1.1. It
> has a subnet mask of 255.255.255.0. The squid box is at 192.168.1.200.
> It is the gateway for most of the computers. The current squid box is
> working as a transparent proxy. The new server works as a direct
> replacement for the old squid box when the interfaces are on different
> subnets. Could I change the netmask on the router and on eth0 to
> 255.255.252.0 and use an address on the 192.168.0.0 network for the IP
> of eth0? Would this disrupt anything?
>
Unless your clients need to talk directly to the Internet without going
through your proxy server, there is no need to change the subnet mask.
If you leave the mask at 255.255.255.0 for clients, proxy, and router,
you get the proxy to work the way you built it. The clients should be
set to have a default gateway of 192.168.1.200. The proxy server would
have it's default route set to the IP address of the Cisco router, in
this case 192.168.0.1. Although the clients might technically still be
able to reach the router, if you do a traceroute (tracert on Windows)
you should see that it takes two hops to reach the Cisco router. On the
other hand, a traceroute to 192.168.1.200 will only take a single hop.
With a subnet of 255.255.255.0, the clients won't know how to talk
directly to 192.168.0.1. And your router will redirect all traffic for
the clients through the proxy server.
More information about the colug432
mailing list