LinuxQuestions.org


AQG 08-16-2006 04:15 PM

Squid behind main router
 
Hi, I want to set up a proxy (squid) server using SuSE 10 but would like to know if the proxy will filter the MAC addresses of my PCs.
ISP ==> MAIN ROUTER ==> OTHER SWITCHES/ROUTERS ==> PCs

The main question is where to put my squid box?
P.S. I posted on the Linux Security Forum and they helped me a lot, but I hope you can help me with this one.

Thank you!!!

acid_kewpie 08-16-2006 04:52 PM

what do you mean about mac filtering? the mac address of the original client will be in no way visible in the proxied http request. as to where to put it... somewhere between the clients and the external router really, as long as it is somewhere on that route you can do transparent proxying and suchlike, but then if you are going to use it as an explicit proxy i'd say you should create a dmz (you mention vlans in other posts, so a dmz vlan would be ideal) and then just route into that vlan as close to the internet edge as you like.

btw, i nearly closed this post as a duplicate of your security one... just about squeaked through...

AQG 08-16-2006 05:35 PM

Sorry about that, you see I'm kind of new to Linux and networking and probably did not explain correctly. What I meant by filtering is whether my proxy will be able to see the MACs of my PC clients if I attach the proxy to the main router?

Any help and links to documentation will be helpful.

Thank you very much!!!

acid_kewpie 08-17-2006 02:50 AM

mac addresses only live within a local subnet. once your traffic has been routed then that's your lot. MAC address filtering seems a very odd idea, why aren't you just authorizing on source address at a most basic level..?

AQG 08-22-2006 12:45 AM

Quote:

Originally Posted by acid_kewpie
mac addresses only live within a local subnet. once your traffic has been routed then that's your lot. MAC address filtering seems a very odd idea, why aren't you just authorizing on source address at a most basic level..?

OK, then would it be possible to install network cards, one for each subnet, on my squid box and 1 more that has access to the internet, and filter clients using their MAC addresses?

I've been looking around but still no answer. On the security forum I was recommended a book which I still haven't found yet.

but i'm still working on it. so any extra help is appreciated!!!

Thank you all!!!!

AQG 08-31-2006 01:19 PM

Thank you people you've been of great help.
Finally got it working using 3 Dual NIC's, one for each VLAN. This way my proxy knows the MAC's from each VLAN.

acid_kewpie 08-31-2006 02:00 PM

well that's doable, but of course it's not very scalable. more often than not though, solutions don't need to scale. have fun.
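
Added example, not part of any post in the thread: a Python sketch of why the proxy only sees MACs on subnets it is directly attached to, by resolving client IPs against a neighbor table in Linux `/proc/net/arp` format. The interface names, addresses, MACs and allowlist are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in /proc/net/arp format: one NIC per VLAN, as in the
# final setup described in the thread. Flags 0x2 means a complete entry.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.21    0x1         0x2         00:16:3E:AA:00:21     *        eth1
192.168.20.34    0x1         0x2         00:16:3e:bb:00:34     *        eth2
192.168.30.1     0x1         0x2         00:16:3e:cc:00:01     *        eth3
192.168.20.99    0x1         0x0         00:00:00:00:00:00     *        eth2
"""

# Assumed directly attached subnets of the proxy box (constructed).
ATTACHED = {"eth1": "192.168.10.0/24",
            "eth2": "192.168.20.0/24",
            "eth3": "192.168.30.0/24"}

# Constructed allowlist of client MACs.
ALLOWED_MACS = {"00:16:3e:aa:00:21", "00:16:3e:bb:00:34"}


def parse_arp(text):
    """Return {ip: (mac, device)} for complete neighbor entries only."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        if int(flags, 16) & 0x2:                # ignore incomplete entries
            table[ip] = (mac.lower(), dev)
    return table


def client_mac(ip, table, attached):
    """MAC of a client, or None when it is not an on-link neighbor."""
    entry = table.get(ip)
    if entry is None:
        return None                             # routed client: no L2 info
    mac, dev = entry
    net = attached.get(dev)
    if net is None or ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
        return None
    return mac


def allowed(ip, table, attached, allowlist):
    """Permit only clients whose on-link MAC is in the allowlist."""
    mac = client_mac(ip, table, attached)
    return mac is not None and mac in allowlist
```

A client such as 10.5.0.7 that reaches the proxy through the router at 192.168.30.1 has no neighbor entry of its own, so it cannot be matched by MAC at all. A MAC address can be changed by the client, so a match identifies a host rather than authenticating it.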


All times are GMT -5.