
Going around squid

Status
Not open for further replies.

Cristian

IS-IT--Management
Jun 9, 2000
4
0
0
RO
Good day,
I'm using a RedHat Linux 7.1 (kernel 2.4.10) router/firewall with squid proxy, to access the Internet from all the Windows workstations on the local network.
Squid denies the use of any common ftp client for connecting to ftp servers from a workstation. Is there any possibility to make a few "privileged" workstations not go through the proxy? I'm thinking of making them part of a subnetwork, but I'm not sure it will work...
I'm looking forward to any suggestion
Thank you
 
Hi,

Squid is just an http proxy and does not support ftp - other than via http. So FTP clients will not work unless they support an http proxy. You would need to use IP masquerading via iptables (2.4.x kernels) or ipchains (2.2.x series kernels). This is a special form of source NAT and can easily be configured to masquerade only certain IP addresses. For example with iptables:

echo 1 > /proc/sys/net/ipv4/ip_forward          # enable routing between interfaces
/sbin/modprobe iptable_nat                       # load the NAT table module
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.16.0/24 -j MASQUERADE   # rewrite source of packets leaving eth1

That would masquerade anything with a source IP of 172.16.16.0 255.255.255.0 out through interface eth1. You can make it far more specific, however: See --> . For the ipchains equivalent see --> .

Hope this helps
 
Thank you, ifincham :)
Unfortunately, for a specific reason I'm not permitted to disable Squid for the entire network. I'm allowed only to set up a few workstations not to go through Squid (if this proves to be possible)...
Shall I create a second internal network (let's say 172.16.17.0 for eth1:1, that will contain those "priviledged" workstations) on the same physical network (which now is 172.16.16.0 for eth1), and masquerade it? Under these circumstances, will the second network access the Internet through Squid too, or rather by the masquerading mechanism?
Thank you again ;o)
 
Hi,

I don't see why that shouldn't work using interface aliasing, but you'd have to tell squid to listen on a particular IP address (interface) rather than just on port 3128. So, you'd have something like this in your /etc/squid/squid.conf file:

http_port 172.16.16.1:3128

Then restart it:

/etc/rc.d/init.d/squid restart

Hope this helps
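Putting the two replies together (masquerade only the privileged subnet, bind squid to the main LAN address), here is an added example script that is not from the thread or from either poster. It prints the iptables, alias and squid.conf lines for review instead of running them, so it can be checked before anything is applied on the router. The addresses and interface names are assumptions: 172.16.16.0/24 on eth1 with the router at 172.16.16.1, the privileged alias 172.16.17.0/24 on eth1:1 with the router at 172.16.17.1, and eth0 as the Internet-facing interface. The FORWARD rules are an addition the thread does not mention: with the default FORWARD policy left at ACCEPT, a workstation on 172.16.16.0/24 that points its default gateway at the router would still have its packets routed out (unmasqueraded), so the policy is set to DROP and only the privileged subnet is allowed through.

```shell
#!/bin/sh
# Added example (not the thread's own commands). Generates the configuration
# for "privileged subnet bypasses squid via masquerading, everyone else stays
# on the proxy". All addresses/interfaces below are assumptions; adjust them.

LAN_IF=eth1              # interface facing the workstations
WAN_IF=eth0              # interface facing the Internet (assumed)
PROXY_IP=172.16.16.1     # router address on the normal LAN; squid binds here
PRIV_NET=172.16.17.0/24  # the "privileged" subnet on the alias eth1:1
PRIV_GW=172.16.17.1      # router address on the alias

# The squid.conf line: listen only on the normal LAN address, so squid does
# not also answer on the aliased privileged subnet.
squid_http_port_line() {
    printf 'http_port %s:3128\n' "$PROXY_IP"
}

# Commands that create the alias, turn on forwarding, masquerade ONLY the
# privileged subnet, and refuse to route anything else across the box.
nat_commands() {
    cat <<EOF
ifconfig ${LAN_IF}:1 ${PRIV_GW} netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ${WAN_IF} -s ${PRIV_NET} -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${PRIV_NET} -j ACCEPT
iptables -A FORWARD -i ${WAN_IF} -o ${LAN_IF} -d ${PRIV_NET} -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sanity check on the generated rules: exactly one MASQUERADE rule, and the
# normal LAN subnet must not appear in any NAT rule. Returns 0 when OK.
check_generated_rules() {
    [ "$(nat_commands | grep -c MASQUERADE)" = "1" ] || return 1
    nat_commands | grep -q -- "-s ${PRIV_NET} -j MASQUERADE" || return 1
    if nat_commands | grep -q '172\.16\.16\.'; then return 1; fi
    return 0
}

# Usage: sh thisfile.sh show   (prints everything; pipe the rule part to sh
# on the router once it has been reviewed)
if [ "${1:-}" = "show" ]; then
    echo "# add to /etc/squid/squid.conf, then restart squid:"
    squid_http_port_line
    echo "# run on the router:"
    nat_commands
    check_generated_rules && echo "# check: OK" || echo "# check: FAILED"
fi
```

After applying, `iptables -t nat -L POSTROUTING -n` should show a single MASQUERADE entry with source 172.16.17.0/24, and a workstation still on 172.16.16.0/24 should be unable to reach the Internet except through the proxy.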