I have a question about Squid Proxy

gotfrostbyte · 10-29-2003, 09:27 AM

Hi everyone,

I am currently setting up a proxy server using squid on my 800mhz computer system. I have several questions about setting up squid. The system I am using has dual ethernet cards. I currently have it setup so that eth0 is plugged into the dsl. eth1 plugs into the hub, and the hub has the workstations/routers branced from it. However, the system is running Mandrake Linux 9.1, and I can not get it to share internet connection towards the network.

I used the Mandrake Control Center and setup internet sharing, hoping that would solve my issues. I can recieve internet, but for some odd reason, it does not want to branc internet out to the rest of the network. Could someone please step me through this problem? Thanks in advance.

gotfrostbyte · 10-29-2003, 09:38 AM

gundelgauk · 10-29-2003, 10:53 AM

Greetings!

There could be several problems. I don't know Mandrake but I guess the internet sharing you are talking about controls ip forwarding not the proxy squid. To use ip forwarding you have to enter the router's ip as the default gateway into the clients' configuration. But as you want to use squid, you can leave ip forwarding off if you want to provide only http access to the clients.

To use squid you have to set up a configuration file for it and start it on the router. Then you have to enter the router's ip and the port that squid listenes on into the clients' browser configuration as http proxy. It is likely that you have some problem with your configuration file (squid.conf). Are there any entries in the syslog when you try to start squid? Also try to issue a '/path/to/program/squid -k parse' (without the quotes). That will make squid parse your configuration file and scan for errors.

Good luck!

gotfrostbyte · 10-29-2003, 11:09 AM

Thanks for the help. I did modify the configuration throughout webmin. I tried that command you gave me, though it did not do nothing at all. I did notice that squid did not install in the correct path as where it should be at. (I think). Its local directory is in /usr/local/squid. Theres a folder called sbin, which held a executable file. I did a ./squid with that, hoping it would run. I suppose it did for it did not broadcast no errors.

I also had another question that just came across. I have a 5 IP Addresses. I was wondering if I could possibly bind all 5 IP Addresses to the proxy so that other servers behind the proxy can use seperate IP Addresses.

Thanks for your help.

Iturbide · 10-29-2003, 11:35 AM

My config used to be pretty much te same as yours (2 nics, routing, nat, andsoon) After some struggling, I found http://easyfwgen.morizot.net/ which let me generate a neat iptables script to use. Have a go at that.

gundelgauk · 10-29-2003, 11:53 AM

Greetings again!

If the command 'squid -k parse' did not give you any output, that means that your configuration file is syntactically correct and should work. On my router, squid is installed in the same directory, I guess it's the standard.

You can allow any number of networks/subnets to connect to the proxy by specifying those networks in your /usr/local/squid/etc/squid.conf file like this:

Code:

acl private_lan_01 src 192.168.0.0/24
http_access allow private_lan_01
http_access deny all

This will allow all hosts on this network to use squid as a proxy. The last line will deny access to all other hosts that are not in your specified network(s).

I'm not sure if you have to specify the router's ip addresses or the network interfaces but I guess it will just bind to any ip/interface that correlate to the network(s) that you allowed access to.

gotfrostbyte · 10-29-2003, 02:38 PM

The ethernet card (eth1) that should be forwarding the internet out into the network still dosnt work *Sigh*. I put a cat5 cable in eth1 and plugged it into the uplink port of my hub. Neither the hub or the eth1 activity lights blink.

Here is a little ghetto mapout of my network.

[dsl]---[proxy]---[hub]-----[linksys router]

gundelgauk · 10-29-2003, 04:00 PM

Sounds to me like you are having a hardware problem! Better check if you didn't use a crossover cable by accident. If you didn't, try a different port on the hub. If you still get no link then - well, your NIC may be fused.

<edit>
Just noticed that you are using the uplink port on the hub. In that case you _have_ to use a crossover cable. Or just use a normal (non-uplink port). If that won't work - see above.

gotfrostbyte · 10-29-2003, 05:19 PM

I know its not hardware problems. I switched eth1 to eth0. In other words, swapping ethernet configuration on the box, and it still acted the same. So its with my poor newbish configuration or possibly that I need a cross over wire. Ill make a cross over wire tonight and give it a try. thanks

Edited:
Actually, just noticed this now. I was talking about using a straight through cat5 cable from eth1 to the uplink port on the hub. So that I could broadcast the internet to the hub, then everything connected to the hub can access the proxy. You know

gundelgauk · 10-30-2003, 02:51 AM

I don't know if you're aware of the fact that the uplink port acts just like a normal port on your hub except that is crossed. So if you put a normal (not crossover) cable into it, it will act as if you had used a crossover cable. Therefore you will get no connection if you use a normal cable to plug a pc into it. You either need to use a crossover cable with the uplink port (which is like crossing it and then crossing it back again) or you need to use a normal cable and plug it into a normal port.
The uplink port is normally used to connect two hubs without having to use a crossover cable.

I hope this was not too

gotfrostbyte · 10-30-2003, 04:40 PM

yes. Like, if you were wishing to use the hub with the dsl.. Then you can plug the dsl into the uplink port. Im just pretending that the proxy is the dsl itself (sharing internet connection on eth1). Therefore, i plug the cable that is from eth1 to the uplink port of the hub.