ADSL & Leased Line Problems.

Ashleen · 01-20-2011, 01:15 PM

Dear all,
i am facing a problem in my network. let me explain...

i have a leased line ( speed 2 MB ) which we use to connect to our mail server , oracle ERP etc.. we have a dhcp scope defined as 192.168.100.1-192.168.101.254. with a default gateway as 192.168.100.90 ( which is a cisco router ) we have a pix firewall ( 192.168.100.10 ).. now the gateway passed all the request to firewall..
we have an ADSL of 4 MB speed.. ip is 83.*.*.230 from ISP. i have a proxy server ( squid ) eth0 is connected to ISP (83.*.*.230).. eth1 to LAN ( 192.168.100.79 ) now the problem is when i put default gateway to eth1 ie 192.168.100.90 the squid connects to internet via leased line.. if i leave the default gateway field empty on eth1 , the squid connects to internet via ADSL ( which i want ) but the problem is no one on the lan cant ping the squid server ( no connectivity to internet for the whole LAN ) how can i solve this problem?

PS : i want squid to connect to internet with ADSL, but if i put gateway on eth1 ie LAN squid goes through leased line which i dont want to happen. i appreciate any help in this regard. i tried all possible ways...

kbp · 01-21-2011, 06:07 AM

Your network design needs a bit of work, the problem is that you'll have asynchronous routes because all the devices are on the same network

You need to move the proxy and the firewall to a different network on the other side of the router:

Code:

[lan]----[cisco router]----[proxy]---<adsl>-----[internet]
                       \---[firewall]--<leased_line>--[firewall?]---[mail + ERP servers]

Then you can configure the default gateway on the cisco router to be the squid proxy and set up static routes for the mail and ERP servers network/s via the firewall

Is this clear enough ?

cheers

Ashleen · 01-22-2011, 03:41 AM

Quote:

Originally Posted by kbp

Your network design needs a bit of work, the problem is that you'll have asynchronous routes because all the devices are on the same network

You need to move the proxy and the firewall to a different network on the other side of the router:

Code:

[lan]----[cisco router]----[proxy]---<adsl>-----[internet]
                       \---[firewall]--<leased_line>--[firewall?]---[mail + ERP servers]

Then you can configure the default gateway on the cisco router to be the squid proxy and set up static routes for the mail and ERP servers network/s via the firewall

Is this clear enough ?

cheers

mate, i can not change the network setup.. with the current setup i want squid to connect to interent via ADSL.. is there any way that i can avoid the default gateway scenario in squid.. ? eth0 must connect to internet via adsl gateway ie 83.*.*.230.. it should not take the default gateway of eth1 ie 192.168.100.90 ( which is happening in the current scenario )

kbp · 01-22-2011, 06:13 AM

If the cisco router's default gateway is set to the proxy and you add static routes for mail and ERP via the firewall, the traffic flow will look like this:

Outbound packet:
[pc]---[router]----[squid]----[internet]
return packet:
[internet]----[squid]----[pc]

The squid box will send the reply traffic directly to the pc because they're on the same network, not via the router. To the pc it will look like the remote side never answered and it also received an unsolicited packet from squid.

You may be able to use the router if you configure it to NAT, but otherwise you'll need to set the default gateway for the pc's to be the proxy and add static routes on each one for mail and ERP via the firewall.. not a clean solution.