Re: [squid-users] Squid via Network Wireless Router & Wireless Clients

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 07 Jul 2012 21:51:51 +1200

On 7/07/2012 9:36 p.m., Adrian Miller wrote:
> On 7 July 2012 19:02, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 7/07/2012 6:10 p.m., Adrian Miller wrote:
>>> Squid via Network Wireless Router & Wireless Clients
>>>
>>> Hopefully this is a simple question, with an equally quick answer.
>>>
>>> I have set up traditional squid setups before, with the 2 NIC setup.
>>>
>>> This time though I have only a wireless router connected via ethernet
>>> to the squid box (1 NIC only).
>>>
>>> All clients will connect to the squid box via the wireless router.
>>>
>>> i.e.
>>> Code:
>>>
>>>   Wireless Client Laptops
>>>              |
>>>              \/
>>> Wireless Router/ADSL2 Modem ---- > Interwebs
>>>         |     /\
>>>         \/    |
>>>          Squid
>>>
>>> So my question (and I'm probably looking for reinforcement/outright
>>> ridicule for my own thoughts) is
>>>
>>> "What's the best way to implement this?"
>>>
>>> Is it as simple as forwarding all traffic from the router port 80 to
>>> the squid box port 3128 in the router config and running the squid box
>>> in transparent mode?
>>
>> Yes it can be that simple. The only issue is whether your
>> wireless+router+adsl+modem combo box supports it. The usual "port
>> forwarding" supplied by CPE boxes with off the shelf commercial software
>> does not work well. OpenWRT and such which allow much deeper admin control
>> can be configured fairly easily using the Squid wiki configs like any
>> router.
> Yeah, I understand that most routers lack the iptables option of the
> WRT firmwares, but that's what I'm stuck with.
>
> To be precise I'm stuck with a Billion 7800N wireless router/adsl2+ modem.
>
> I'm dealing with a small club who want to implement this without too
> many changes to the system hardware wise. If I even thought I could
> get them to accept adding a simple adsl router in addition to the
> existing setup I would, but these are the kind of people who would
> just say "but we already have one" :)
>
> I'm pretty much going to try one of these, as these appear to be the
> options I can find in my head and out on the interwebs. There's
> surprisingly not a lot of info readily available (at least in my
> search) that covers setting up squid with one NIC.
>
> In order of preference -
>
> a) Run squid in transparent mode, Forward port 80 on the router to
> squid on 3128.

Possible but dangerous. I advise against it unless you have no other
choice, but...

>
> b) Set each client machine's IP to static and use the squid box's IP as
> the default gateway. On the squid box, redirect port 80 via iptables
> to port 3128. Not as bad as it sounds because I generally like static
> IPs anyways and it will make logging/auditing easier as there won't be
> any auth used for squid.
>
> c) Set the browser on each client manually to the squid box.

These work well if you are willing to face the admin maintenance work.
And yes, it's easier to do (b) than play with DNS settings on that type of
CPE.

Amos
Received on Sat Jul 07 2012 - 09:52:06 MDT
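
Option (b) from the message above, as an added example (not code from the thread or from the Squid project): the one-NIC gateway rules are printed for review before being applied, and squid.conf is checked for an interception flag on the port first. The interface name, the config path and the helper names `intercept_rules` and `port_is_intercept` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are constructed placeholders.
LAN_IF="${LAN_IF:-eth0}"                          # the Squid box's single NIC
SQUID_PORT="${SQUID_PORT:-3128}"                  # port named in the thread
SQUID_CONF="${SQUID_CONF:-/etc/squid/squid.conf}" # assumed path, varies by distro

# Emit the setup commands, one per line, so they can be reviewed before use.
#  ip_forward       the box now routes the clients' non-HTTP traffic too
#  send_redirects=0 with one NIC, packets leave on the interface they arrived
#                   on; the kernel would otherwise send ICMP redirects that
#                   point clients straight at the router, past the proxy
#  nat REDIRECT     hand port-80 traffic to Squid on this same machine
#  mangle DROP      refuse connections made directly to the intercept port
#                   (mangle runs before nat, so redirected packets pass)
#  MASQUERADE       replies to forwarded traffic come back through this box
intercept_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.${LAN_IF}.send_redirects=0
iptables -t nat -A PREROUTING -i ${LAN_IF} -p tcp --dport 80 -j REDIRECT --to-ports ${SQUID_PORT}
iptables -t mangle -A PREROUTING -i ${LAN_IF} -p tcp --dport ${SQUID_PORT} -j DROP
iptables -t nat -A POSTROUTING -o ${LAN_IF} -j MASQUERADE
EOF
}

# Reads squid.conf text on stdin; succeeds only if port $1 is declared with an
# interception flag ("intercept", or "transparent" on older Squid releases).
port_is_intercept() {
    awk -v port="$1" '
        $1 == "http_port" {
            n = split($2, a, ":")          # accepts "3128" or "addr:3128"
            if (a[n] != port) next
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break       # rest of the line is a comment
                if ($i == "intercept" || $i == "transparent") found = 1
            }
        }
        END { exit !found }'
}

if [ "${APPLY:-0}" = 1 ]; then
    port_is_intercept "$SQUID_PORT" < "$SQUID_CONF" ||
        { echo "http_port $SQUID_PORT is not an intercept port" >&2; exit 1; }
    intercept_rules | sh -e
else
    intercept_rules
fi
```

Run it without `APPLY=1` to review the commands; the mangle rule also stops browsers configured as in option (c) from using the same port directly.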
