Greetings all. New user, first post, need help.
I have been tasked with building a web caching solution for use in a remote field application where bandwidth is limited. The goal is to cache frequently-accessed web pages for the 200 or so users at the event and thereby reduce pressure on our limited uplink. We use Meraki devices as our access points and filtering/throttling solution. I have chosen to use squid on a dedicated Arch Linux box built with minimal packages and my goal is to have this do nothing other than completely transparent simple caching.
Configuration will essentially be: uplink device (modem or LTE device) -> squid -> Meraki master -> clients (possibly via other Merakis in mesh).
My initial testing of this solution worked great on my home network without a Meraki. I set up bridging between the two NICs and pointed my browser to use a proxy with the address being that of the bridge device. I then moved on to introducing one of the Merakis that I have as a test unit, and I have not yet been able to get the squid server to cache properly. Note that the Merakis will use a 10.0.0.0/8 IP range while my home network uses a 192.168.1.0/24 range, and I don't know for certain what IP address we'll have for our field uplink, but I hope that whatever solution I get to work will translate to that, even if I need to change a conf file or two once I find out.
After doing some research it appears that I need to change from using a bridge to using a router configuration, since I'll be bridging two separate subnets. This seems to be where I'm running into trouble. I either can't get communication through the squid box to the Internet, or if I do get communication there is no activity in squid and no caching is occurring.
My squid.conf is essentially unmodified. I've tried using the transparent and intercept arguments on the squid port line (still using 3128) and neither seem to have any effect. I'm allowing access to 10.0.0.0/8. I can't seem to add a proxy server to the Meraki configuration to be passed to the clients when they get their DHCP leases.
I set up routing using this example:
Code:
# Exempt HTTP sent by Squid's own group so its fetches are not redirected back to itself
gid=`id -g proxy`
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $gid -j ACCEPT
# Send the remaining HTTP generated on this host to Squid (the nat OUTPUT chain matches locally generated traffic only)
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination SQUIDIP:3128
# Persist the rules where Arch's iptables service loads them from
iptables-save > /etc/iptables/iptables.rules
I've tried using the uplink and downlink addresses for SQUIDIP -- this is one issue; I'm not clear on which address I need to point to here.
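A router-mode rule set of the kind the post is working toward, added here as an example and not taken from the original post: it assumes eth0 is the uplink, eth1 faces the Meraki side, clients sit in 10.0.0.0/8, and Squid listens on a separate intercept port 3129 beside the explicit port 3128. Packets forwarded from clients traverse the nat PREROUTING chain, so the redirect belongs there; rules in the OUTPUT chain only match packets the proxy box itself generates.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an iptables-restore rule set
# and the matching squid.conf lines for a router-mode transparent Squid box.
# Assumptions: eth0 = uplink, eth1 = Meraki/client side, clients in 10.0.0.0/8,
# Squid intercept port 3129 beside the explicit proxy port 3128.

# gen_rules <lan_if> <wan_if> <intercept_port> [client_net]
gen_rules() {
    lan="$1"; wan="$2"; port="$3"; net="${4:-10.0.0.0/8}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Client HTTP entering on the LAN side goes to Squid. PREROUTING, not OUTPUT:
# OUTPUT only sees packets this box generates, so forwarded clients never hit it.
-A PREROUTING -i $lan -s $net -p tcp --dport 80 -j REDIRECT --to-ports $port
# Everything else leaving the uplink (HTTPS, DNS, Squid's own fetches) is NATed.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the client network may reach the intercept port; nothing from the uplink.
-A INPUT -i $lan -s $net -p tcp --dport $port -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# squid_lines <explicit_port> <intercept_port> [client_net]
squid_lines() {
    cat <<EOF
# Squid expects explicit proxy requests and intercepted traffic on separate ports.
http_port $1
http_port $2 intercept
acl localnet src ${3:-10.0.0.0/8}
http_access allow localnet
http_access deny all
EOF
}

# Forwarding must be on for the router role: sysctl -w net.ipv4.ip_forward=1
if [ "$1" = "--show" ]; then gen_rules eth1 eth0 3129; squid_lines 3128 3129; fi
```

Save the gen_rules output to /etc/iptables/iptables.rules (the path the post already uses) and enable net.ipv4.ip_forward before starting Squid.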
I had originally set up my bridge thusly:
Code:
# Bring both NICs up with no address in promiscuous mode and join them into one bridge
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
# The bridge itself carries the address clients use as their proxy
ifconfig br0 192.168.1.200 netmask 255.255.255.0 up
route add default gw 192.168.1.1 dev br0
and it worked great as long as client IP was in same subnet and browser pointed to 192.168.1.200 as a proxy.
I have about a week to figure this out and get it ready to implement. Any help will be most welcomed and appreciated. Thanks in advance.