Squid behind main router
Hi, I want to set up a proxy(squid) server using SuSE 10 but would like to know if the proxy will filter the MAC addresses of my PC's.
ISP==>MAIN ROUTER==>OTHERSWITCHES/ROUTERS==>PC'S the main question is where to put my squid box? p.s. I posted on Linux Security Forum and they helped me a lot but hope you can help me with this one. Thank you!!! |
what do you mean about mac filtering? the mac address of the original client will be in no way visiblein the proxied http request. as to where to put it... somewhere between the clients and the external router really, as long as it is somewhere on that route you can do transparent proxying and such like, but then if you are going to use it as an explicit proxy i'd say you should create a dmz (you mention vlan's in other posts, so a dmz vlan would be ideal) and then just route into that vlan as close to the internet edge as you like.
btw, i nearly closed this post as a douplicate of your security one... just about squeaked through,,, |
Sorry about that, you see i'm kind of new to linux and networking and probably did not expain correctly, what i ment by filtering is that if my proxy will be able to see the MAC's of my pc clients if i attache the proxy to the main router?
ny help and links to documentation will be helpfull Thank you very much!!! |
mac addresses only live within a local subnet. once your traffic has been routed then that's your lot. MAC address filtering seems a very odd idea, why aren'ty you just authorizing on source address at a most basic level..?
|
Quote:
I've been looking arounda but still no answer. on the forum of security i was recommended a book which i still havent found yet. but i'm still working on it. so any extra help is appreciated!!! Thank you all!!!! |
Thank you people you've been of great help.
Finally got it working using 3 Dual NIC's, one for each VLAN. This way my proxy knows the MAC's from each VLAN. |
well that's doable, but of course it's not very scalable. more of than not though, solutions don't need to scale have fun.
|
All times are GMT -5. The time now is 06:59 AM. |