LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-16-2006, 04:15 PM   #1
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 162

Rep: Reputation: 30
Squid behind main router


Hi, I want to set up a proxy(squid) server using SuSE 10 but would like to know if the proxy will filter the MAC addresses of my PC's.
ISP==>MAIN ROUTER==>OTHERSWITCHES/ROUTERS==>PC'S

the main question is where to put my squid box?
p.s. I posted on Linux Security Forum and they helped me a lot but hope you can help me with this one.

Thank you!!!

Last edited by AQG; 08-16-2006 at 04:17 PM.
 
Old 08-16-2006, 04:52 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967
what do you mean about mac filtering? the mac address of the original client will be in no way visiblein the proxied http request. as to where to put it... somewhere between the clients and the external router really, as long as it is somewhere on that route you can do transparent proxying and such like, but then if you are going to use it as an explicit proxy i'd say you should create a dmz (you mention vlan's in other posts, so a dmz vlan would be ideal) and then just route into that vlan as close to the internet edge as you like.

btw, i nearly closed this post as a douplicate of your security one... just about squeaked through,,,
 
Old 08-16-2006, 05:35 PM   #3
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 162

Original Poster
Rep: Reputation: 30
Sorry about that, you see i'm kind of new to linux and networking and probably did not expain correctly, what i ment by filtering is that if my proxy will be able to see the MAC's of my pc clients if i attache the proxy to the main router?

ny help and links to documentation will be helpfull

Thank you very much!!!

Last edited by AQG; 08-16-2006 at 05:39 PM.
 
Old 08-17-2006, 02:50 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967
mac addresses only live within a local subnet. once your traffic has been routed then that's your lot. MAC address filtering seems a very odd idea, why aren'ty you just authorizing on source address at a most basic level..?
 
Old 08-22-2006, 12:45 AM   #5
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 162

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie
mac addresses only live within a local subnet. once your traffic has been routed then that's your lot. MAC address filtering seems a very odd idea, why aren'ty you just authorizing on source address at a most basic level..?
OK, then woul it be posible to install network cards one for each subnet on my squid box and 1 more that has acces to the internet and filter clients using their MAC addresses.

I've been looking arounda but still no answer. on the forum of security i was recommended a book which i still havent found yet.

but i'm still working on it. so any extra help is appreciated!!!

Thank you all!!!!
 
Old 08-31-2006, 01:19 PM   #6
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 162

Original Poster
Rep: Reputation: 30
Thank you people you've been of great help.
Finally got it working using 3 Dual NIC's, one for each VLAN. This way my proxy knows the MAC's from each VLAN.
 
Old 08-31-2006, 02:00 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967
well that's doable, but of course it's not very scalable. more of than not though, solutions don't need to scale have fun.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Router box forwarding IP addresses to main server? jmj99385 Linux - General 1 05-06-2006 08:08 AM
Router box forwarding IP addresses to main server? jmj99385 Slackware 3 05-05-2006 11:02 PM
Router box forwarding IP addresses to main server? jmj99385 Linux - Newbie 3 05-05-2006 11:00 PM
Router box forwarding IP addresses to main server? jmj99385 Linux - Networking 1 05-05-2006 05:25 PM
How do I turn my main box into a router? jlturbos Linux - Networking 4 03-07-2004 01:21 PM


All times are GMT -5. The time now is 11:07 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration