Ok, this is kinda confusing so let me introduce the various participants:

1. I have a router 192.168.100.1 that is an internet gateway. NOT DHCP or DNS. I also have a second internet connection (STATIC IP)
2. I have a Mint 7 Box that is the following:
   DNS Server
   DHCP Server (Provides IPs 192.168.100.5-25)
   Webserver, etc.
   Dansguardian Proxy Server (On 192.168.100.0/24 and setup transparent)
   This PC has 2 NICs. One is static IP 69.59.xx.xx. One is Static IP 192.168.100.101

Ok, here is what I am trying to do. Currently, I can make the DHCP3 server use 192.168.100.101 for the gateway, in which case client PCs on my network use the proxy transparently and use the bandwidth on my 69.59.xx.xx connection. If I make the DHCP3 server use 192.168.100.1 for the gateway, they use the other internet connection.

Problem: I don't want the client PCs to use the webserver bandwidth.

Question: How can I make squid/dansguardian use 192.168.100.1 to service web requests but allow that machine to use 69.59.xx.xx for its bandwidth for local requests? (I hope that makes sense.) When I am on the machine at 192.168.100.101 and I use the internet I want it to use 69.59.xx.xx for all internet interaction locally, but want the proxy to use the router at 192.168.100.1 only.

Whew... that was hard to explain.
Not that hard what you explained: you have 2 gateways, 1 server and some clients. The server must use 1 gateway on its own, and must supply DHCP information to the clients, BUT the clients must go through the other gateway AND use the proxy that is running on the server.

But as far as I know it's not possible to set a gateway in squid itself. So squid will always use the gateway that you have configured for that system.
You can have 2 gateways at the same time, but you need to configure the routing on the server correctly. If ONLY the clients connect from 1 eth, then you could route all that traffic to a forced gateway. If it's mixed, back to the drawing board and set up your network differently.
Code:
man route
man iptables

But you might want to reconsider your current network topology, which might be easier for you to manage. But anyway, check out this site: http://lartc.org/howto/lartc.rpdb.multiple-links.html
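Added example, not part of the original thread: the source-based policy routing that the LARTC how-to linked above covers, applied to the addresses in the question and paired with Squid's `tcp_outgoing_address` directive. The interface name `eth1`, table number 100 and rule priority 1000 are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Keep the server's main default route on the 69.59.xx.xx uplink and send
# only traffic sourced from the LAN range out through the router 192.168.100.1.
LAN_IF=eth1                 # assumption: NIC that holds 192.168.100.101
LAN_NET=192.168.100.0/24    # from the thread
PROXY_SRC=192.168.100.101   # from the thread
LAN_GW=192.168.100.1        # from the thread
TABLE=100                   # assumption: any unused routing table number
PRIO=1000                   # assumption: any priority below the main table (32766)

# Emit the iproute2 commands, one per line.
proxy_route_cmds() {
    # Connected route, so replies to LAN clients are still delivered directly.
    echo "ip route add $LAN_NET dev $LAN_IF src $PROXY_SRC table $TABLE"
    # Default route of the extra table: the LAN-side router.
    echo "ip route add default via $LAN_GW dev $LAN_IF table $TABLE"
    # Packets with a LAN source address consult the extra table first. This
    # matches sockets bound to PROXY_SRC and packets forwarded for clients;
    # unbound local sockets still follow the main table's default route.
    echo "ip rule add from $LAN_NET lookup $TABLE priority $PRIO"
    echo "ip route flush cache"
}

# squid.conf line that binds Squid's outbound connections to the LAN address,
# so the rule above applies to the proxy's own requests.
squid_conf_line() {
    echo "tcp_outgoing_address $PROXY_SRC"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root; word splitting of $cmd is intentional.
    proxy_route_cmds | while read -r cmd; do $cmd; done
else
    proxy_route_cmds
    echo "# add to squid.conf, then reload squid:"
    squid_conf_line
fi
```

`ip rule show` and `ip route show table 100` confirm the result after applying; the rules are not persistent across reboots unless added to the interface configuration.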
Thanks. I use a hardware firewall on the 192.168.0.0/24 network. I need to either eliminate that and make a linux firewall/content filter or move the filter to another physical machine on the network. Sigh... I love linux
Can you manually configure your client machines to use a certain router/IP? or if they get their info from DHCP then configure your DHCP server to use one of the routers? These are my questions, lol not really answering yours! I also like to do this without using VPN!
I think I concluded that there was no way to do it without buying some appliance to do it. What I ended up doing was scrapping the project and doing this instead:

The several computers on my LAN (7) I assigned an IP (based on MAC) in dhcpd and pointed them to the external gateway. The dynamic block of IPs gets pointed to the proxy machine, where I have firewall rules to make it transparent.

The end result is that foreign connections get a dynamic IP that is filtered and my machines have a set IP that is not filtered. Later, I will create ACLs that will do limited filtering for my machines.

That's not what I started out to do but is what was actually possible to do in my case. I wonder if Squid will ever have an option to specify a gateway in the future. That would be too cool. Thanks all.