Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
In the office we have a firewall/router built on FreeBSD. Currently all LAN computers go to the internet through this server. People don't use a proxy server.
I wonder if it is possible to set up a squid server which will sit between the FreeBSD server and the computers in the LAN? Of course that squid server will have only one NIC and it will be in the same network as the other computers in the LAN. Only the squid server will have access to the internet through the FreeBSD server, and the other computers in the LAN won't be able to go to the internet through FreeBSD, but only through the squid server. As far as I can tell I will need to use iptables (and if possible shorewall) for that...
I'm planning to use Debian or Gentoo for the squid server.
Please tell me your thoughts concerning my idea above.
I am assuming you know the idea behind squid as a proxy. If your LAN will access the internet through the proxy, which will in turn access the internet through the FreeBSD box, then you most definitely need two NICs.
Here's how it goes: connect your proxy to the FreeBSD box through eth0 and give it an address in the same subnet as the FreeBSD box, assuming that your FreeBSD box has 172.20.x.x. Then on eth1 connect your proxy to a switch, if you like, which will then open up connections to your LAN. However, you need to give the machines on the LAN the eth1 address, which has to be on the same subnet as eth1's address, e.g. 192.168.x.x.
Then go to squid and do the necessary.
This can be done by manipulating the routing table and configuring squid as a transparent proxy.
1. Configure the proxy server to use FreeBSD's LAN IP as its default gateway, so that the proxy server has internet access through the FreeBSD box.
2. Configure squid to be a transparent proxy.
3. All other machines in the LAN have the proxy server's LAN IP as their default gateway.
4. On the proxy server, create an iptables rule to redirect all incoming traffic on certain ports (e.g. 80) to the port squid is listening on.
As long as you don't give root permission to the users on your LAN machines, they cannot change the routing table. The default gateway configuration can also be done by dhcpd if you have one in your LAN.
You may not need another box for the proxy in this case. You may be able to run squid on the FreeBSD box and configure the firewall rules to redirect incoming traffic on certain ports to squid and drop all other packets you don't want.
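The following is an added example, not code from either reply, of what steps 1 to 4 above look like on the single-NIC Debian or Gentoo box the original poster describes (the two-NIC layout of the earlier reply uses the same rules with `-o` pointing at the outside interface). Interface name, subnet, addresses and the Squid port are assumptions set at the top; by default the script only prints the commands, and `APPLY=1 sh transparent-squid.sh` runs them as root.

```shell
#!/bin/sh
# Added example (not from the thread): iptables/sysctl setup for a box that
# sits on the LAN with ONE NIC, is the clients' default gateway, and runs
# Squid in intercept mode, i.e. steps 1-4 of the procedure above.
# Assumed values, change them to match your network:
#   LAN_IF      the proxy's only interface
#   LAN_NET     the subnet shared by clients, proxy and the FreeBSD router
#   PROXY_IP    this box's address on LAN_NET
#   SQUID_PORT  the port Squid listens on with "http_port 3129 intercept"
# Nothing is applied unless APPLY=1; by default the commands are printed.
set -eu

LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
PROXY_IP=${PROXY_IP:-192.168.1.2}
SQUID_PORT=${SQUID_PORT:-3129}

# Dry-run wrapper: print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        echo "$@"
    fi
}

kernel_settings() {
    # Step 3 makes this box a router, so forwarding must be on.
    run sysctl -w net.ipv4.ip_forward=1
    # With a single NIC, forwarded packets go back out the interface they came
    # in on, and Linux would send the client an ICMP redirect pointing straight
    # at the FreeBSD box. That would let clients bypass Squid, so disable it.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
}

firewall_rules() {
    # Flush the chains this script owns so it can be re-run.
    run iptables -t nat -F PREROUTING
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD

    # Step 4: clients route to us, so their web traffic arrives on LAN_IF with
    # a foreign destination. Hand it to Squid. Traffic addressed to the proxy
    # itself (SSH, Squid's own port) is left alone.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" ! -d "$PROXY_IP" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"

    # Anything else the clients send us would simply be forwarded to the
    # FreeBSD router. Default to dropping it and allow only what should leave
    # the LAN without passing Squid (DNS and HTTPS here, as an assumption).
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -p tcp --dport 443 -j ACCEPT

    # Forwarded packets leave toward the router with the client's address as
    # source. Rewrite it to PROXY_IP so the FreeBSD box only ever sees the
    # proxy and can refuse to forward for every other LAN address.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" ! -d "$LAN_NET" \
        -m addrtype ! --src-type LOCAL -j SNAT --to-source "$PROXY_IP"
}

main() {
    kernel_settings
    firewall_rules
}

main
```

On the Squid side this pairs with `http_port 3129 intercept` (Squid 3.1 and later; Squid 2.x spelled it `transparent`). The script cannot by itself stop a user who sets their own gateway to the FreeBSD box, because proxy and clients share one segment: the FreeBSD firewall must forward only for the proxy's address, and since any host on that segment could claim that address, pinning it to the proxy's MAC with a static ARP entry on the FreeBSD box is the usual complement.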