[K12OSN] K12LTSP, Squid & SquidGuard

John Pace jpace at webstercounty.lib.mo.us
Tue Mar 9 17:15:01 UTC 2004 

I got delayed, back to my setup. With any luck (insert big grin here) I will
be able to stick with this until it works. Right now it does not work...

I have a small test network setup with the DG/Squid box, a switch, and a
client. Still have not got it working yet. I think part of my problem is
that I do not truly understand the way the two NICs in the DG/Squid box
relate to the DG and Squid services that are running.

Is this general statement correct? "The client computers send their traffic
to DG, and if approved it is then relayed to Squid, and if approved Squid
sends the request through the gateway, which in my case is an IPCop
firewall."

Client questions:

1. Configuring TCP/IP on the client (Gateway): To send requests through DG,
which NIC IP on the DG/Squid box do I use as the default gateway on the
client? I think I should use the IP of the  NIC on the "green" side, not the
IP of the NIC that has direct internet access. Correct?

2. Configuring TCP/IP on the client (DNS): My firewall handles DNS, do I use
it's IP for name resolution?

DG/Squid NIC questions:

1. Do the NICs use different gateways?

If so, does the red NIC (the one facing the internet) use my firewall as the
gateway IP? That is the IP our clients are currently using as their gateway.

Does the green (network side) use the IP of the red NIC as it's gateway? Is
one NIC funneling traffic to another the way my firewall does?

2. Do the NICs use different DSN IPs? Do they use my firewall IP since it
handles DNS?

DG specific questions and info: (I am using Webmin to configure DG)

I can find 4 settings that relate to IP/Ports in the "View / edit Config"
option. Filter IP and Filter Port which I have set to 192.168.1.60:8080. IP
".60" is the IP of the NIC facing the internet, or should this be
192.168.1.61:8080? IP ".61) is the NIC facing the network/clients. The other
two setting are Proxy Ip and Proxy Port which I have left to the default of
127.0.0.1:3128

Squid specific questions and info: (I am using Webmin to configure Squid)

Under the "Ports and Networking" I found "Proxy Addresses and Ports" which
is set to 127.0.0.1:3128

Whew... lot of questions.

Also, should I be able to "ping" the DG/Squid box? I can't. The cable is
good and if I physically bypass the DG box I can access the internet.

Any help will be appreciated!


John Pace
Webster County Library
(417) 468-3335
jpace at webstercounty.lib.mo.us




-----Original Message-----
From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com]On Behalf
Of Richard K. Ingalls
Sent: Monday, March 08, 2004 1:13 PM
To: k12osn at redhat.com
Subject: Re: [K12OSN] K12LTSP, Squid & SquidGuard


John Pace wrote:
> Richard,
>
> When you say all computers in your network use this boxes IP as their
> gateway, you mean the "green" NIC, right?
>
>>From the client should I be able to ping DG?
>
> This is what I have so far:
>
> -internet feed coming into the Squid/DG box on NIC 192.168.1.60
>
> -Network leaves Squid/DG box on other NIC, 192.168.1.61 and goes to 8 port
> switch.
>
> -one client connected to switch.
>
> Squid configured: Proxy address 127.0.0.1 port 3128
>
> DG Configured: Filter IP/Port: 192.168.1.61:8080, Proxy IP/Port:
> 127.0.0.1:3128
>
> Client GW/DNS is the firewall (192.168.1.99), Should I change the client
GW
> to 192.168.1.61? DNS the same? Or leave them pointing to firewall? I have
> tried both ways, neither worked.
>
> NIC configs on the Squid/DG box:
> eth0: IP 192.168.1.60, GW 192.168.1.99 (firewall)
> eth1: IP 192.168.1.61, GW 192.168.1.99 (firewall)
>
> Thanks!
>
> John
>

sorry for the time to reply.  i've been swamped and i'm just coming up
for air right now.  did you get this resolved yet?  i think i saw
someone post about the http_access part of squid.conf.  that sounds
like the solution to me.  give it a shot.  keep us posted online.
--
===========================================================
Richard K. Ingalls
Director of Information Technology
Glenwood R-8 School District
West Plains, MO

email..ringalls at glenwood.k12.mo.us
web....glenwood.k12.mo.us
ph.....417.256.4849
fax....417.257.2567

"Glenwood R-8: home of the mustangs!"
===========================================================


_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

More information about the K12OSN mailing list