Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hello everybody
that's what i have :
1 machine whith a public ip and 1 NIC
i set a proxy ( squid ) in tis machine and now all publics IPs can use it but now i need to set this cache server for my lan also , i have a lan with 192.168.10.x addresse i set an alias to my NIC
(ifconfig eth0:0 192.168.10.1) but now i need to route this ip to get my lan able to use this squid
thanx to any help
>now all publics IPs can use it
Uh, providing a proxy that everyone on the internet can use my not be such a good idea..
Does the box that is running squid have a 192.168 address. It may be easiest to give it one and have the machines on the private lan access the proxy on its 192.168 address.
If you want the lan machines to be able to reach the public address then each lan machine has to have its routing table set to send traffic for that ip to the squid machine, either by setting th default gateway or by adding a subnet entry. If they get an ip by dhcp you might be able to get the dhcp server to give out the required gateway address.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
You also need to set the sysctl to forward packets to route between two subnets.
By the way, running Squid open to the world is a HORRIBLE idea. Many spammers and crackers use open proxies to attack other individuals or entities. Many IRC channels scan for open proxies and will not allow you to connect if you have one. Many ISPs scan their own customers and will shut you down if you have an open proxy. Finally, many anti-spam sites look for open proxies, then put the IP subnet on a "Realtime Blackhole List" at which point anyone subscribing to that RBL will no longer accept mail from you. If this RBL is big enough, your ISP will notice that they can't send mail to certain sites any more and will contact the RBL to see why they were blacklisted, which will point back to you. Not exactly a situation you want to be in, eh? Do everyone a huge favor and turn it off now. Proxies should be on PRIVATE networks (or virtually private).
>You also need to set the sysctl to forward packets to route between two subnets.
Which probably means an entry like
enable_forward=yes in a config file somewhere or a tick in
the configuation program depending on which distro you use.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.