Hi,

If long is an issue maybe this is an alternative:

- install ipcop
- add the advanced proxy module
- enable windows authentication

done ?

reinier

> darn maybe that post was too long :)
>
> On Fri, Jul 22, 2011 at 9:26 AM, sanga collins <[email protected]> wrote:
>
> > I use squid + dansguardian for my clients and was able to successfully
> > configure it with Dual WAN support. The key to accomplishing this in my
> > network is policy based routing (PBR) on juniper netscreen devices. Here are
> > the basics. You can of course do similar setups with cisco or sonicwall
> > routers if you understand the basics.
> >
> > 1. configure squid and dansguardian server.
> > Dansguardian is listening on port 8080 and redirecting to squid port 3129.
> > iptables is redirecting port 80 to port 8080 for easy config of
> > workstations and juniper router.
> > Server has 2 NICs so instead of using transparent mode I configure the 2
> > NICs with different IPs so that they can be on different LANs as I will
> > explain later.
> >
> > 2. configure router
> > I use policy based routing that allows me to define source IP/port
> > destination IP/port and transport protocol to define several rules such as
> > the ones below.
> >
> > if source is ip from workstation pool redirect all port 80 traffic to squid
> > server port 8080
> > if source is ip from local server pool do not redirect any port 80
> > traffic (allows servers to skip proxy)
> > if destination ip is an intranet webserver or company webserver do not
> > redirect traffic
> > through the proxy and allow direct communication.
> >
> > 3. configure dual wan for fail-over and selective redirection.
> > On juniper routers you can have more than one virtual router. This allows
> > me to have two active default gateways on the same device. So this is what I
> > do
> >
> > Virtual router 1 contains the default LAN and the default WAN interface and
> > gateway. virtual router 2 contains the backup WAN interface and gateway and
> > secondary LAN.
> >
> > The trick to setting up both connections is route statements. on VR1
> > (virtual router 1) I have the following.
> >
> > 0.0.0.0/0 -> GW-ip ->GW-interface metric=0
> > 0.0.0.0/0 -> virtual router 2 metric=10
> > lan2-ip -> virtual router 2
> >
> > virtual router 2 has the following.
> > 0.0.0.0/0 -> GW-ip -> GW-interface metric=0
> > 0.0.0.0/0 -> virtual router 1 metric=10
> > lan1-ip -> virtual router 1
> >
> > I know this is a very stripped down routing table but this is basically
> > what happens. Since there are 2 routes in each vr 0.0.0.0/0 the metric
> > determines which one is active and which is not. Higher metric = lower
> > priority so by metric 10 routes are inactive if metric 0 route is active
> >
> > When ISP 1 or 2 goes down, the first default route fails and the 2nd
> > default route with metric 10 now becomes active redirecting all traffic to
> > the other virtual router where it can make its way to the internet.
> >
> > to force certain local workstations to use either ISP1 or 2 I would use the
> > fact that I have the squid server with 2 NICs one in the LAN1 and the other
> > NIC in LAN2.
> > By default all traffic in LAN1 goes to squid server NIC1 then back to LAN1
> > to go out to the internet. To force some computer to use the slow internet,
> > all I need to do is use a source based route
> >
> > source ip/subnet mask -> virtual router 2
> >
> > This means traffic from this ip is pushed to VR2 where policy based routing
> > checks against its rules and determines whether to send to internet on slow
> > connection. Or whether to send through proxy on LAN2 then to internet on
> > slow connection.
> >
> > Lastly when one internet connection goes down all traffic is redirected to
> > the other virtual router where squid rules still apply and failover is
> > almost instantaneous :)
> >
> >
> > On Fri, Jul 22, 2011 at 8:31 AM, Peter C. Ndikuwera <[email protected]> wrote:
> >
> >> Hi,
> >>
> >> Anyone have experience with using squid with multiple outgoing
> >> connections?
> >>
> >> Some conditions:
> >> - squid cannot be in transparent mode
> >> - some IPs must be set to use conn #1 (the faster one)
> >> - if either conn #1 or #2 go down, squid should always use the active
> >> connection.
> >>
> >> Ideas?
> >>
> >> Peter
> >>
> >> --
> >> Evolution (n): A hypothetical process whereby infinitely improbable events
> >> occur with alarming frequency, order arises from chaos, and no one is given
> >> credit.
> >>
> >>
> >> _______________________________________________
> >> The Uganda Linux User Group: http://linux.or.ug
> >>
> >> Send messages to this mailing list by addressing e-mails to:
> >> [email protected]
> >> Mailing list archives: http://www.mail-archive.com/[email protected]/
> >> Mailing list settings: http://kym.net/mailman/listinfo/lug
> >> To unsubscribe: http://kym.net/mailman/options/lug
> >>
> >> The Uganda LUG mailing list is generously hosted by INFOCOM:
> >> http://www.infocom.co.ug/
> >>
> >> The above comments and data are owned by whoever posted them (including
> >> attachments if any). The mailing list host is not responsible for them in
> >> any way.
> >>
> >
> >
> > --
> > Sanga M. Collins
> > Network Engineering
> > ~~~~~~~~~~~~~~~~~~~~~~~
> > Google Voice: (954) 324-1365
> > E- fax: (435) 578 7411
> >
>
> --
> Sanga M. Collins
> Network Engineering
> ~~~~~~~~~~~~~~~~~~~~~~~
> Google Voice: (954) 324-1365
> E- fax: (435) 578 7411
>

--
rgds,
Reinier Battenberg
Director
Mountbatten Ltd.
+256 758 801 749 www.mountbatten.net http://twitter.com/batje http://twitter.com/mapuganda
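Added example, not part of the original thread: a simplified Python model of the two-virtual-router failover described in the quoted post (a metric 0 gateway route and a metric 10 route to the other VR in each virtual router, plus the source-based route to VR2). The addresses, the `egress` function, the hop limit and the rule that the source-based route is evaluated once at ingress are assumptions of this model, not ScreenOS behaviour.

```python
import ipaddress

# Constructed sample value; the thread gives no real addresses.
# Sources in this subnet get the "source ip/subnet mask -> virtual router 2" route.
FORCED_TO_VR2 = [ipaddress.ip_network("192.168.1.64/28")]

# Default routes per virtual router as listed in the post: (next hop, metric).
# "isp1"/"isp2" stand for the WAN gateways; "vr1"/"vr2" hand off to the other VR.
DEFAULT_ROUTES = {
    "vr1": [("isp1", 0), ("vr2", 10)],
    "vr2": [("isp2", 0), ("vr1", 10)],
}
MAX_HOPS = 4  # model-only guard against VR1 <-> VR2 ping-pong


def egress(src_ip, isp_up):
    """Return (ISP used or None, VRs traversed) for a packet entering on LAN1.

    isp_up maps "isp1"/"isp2" to True/False. A gateway route is active only
    while its ISP is up; among active routes the lowest metric wins.
    """
    src = ipaddress.ip_address(src_ip)
    path = ["vr1"]
    # Assumption: the source-based route is evaluated once, at ingress on VR1.
    vr = "vr2" if any(src in net for net in FORCED_TO_VR2) else "vr1"
    if vr != "vr1":
        path.append(vr)
    while len(path) <= MAX_HOPS:
        active = [(hop, metric) for hop, metric in DEFAULT_ROUTES[vr]
                  if hop.startswith("vr") or isp_up[hop]]
        hop = min(active, key=lambda route: route[1])[0]
        if hop.startswith("isp"):
            return hop, path
        vr = hop  # metric 10 route: hand the packet to the other VR
        path.append(vr)
    return None, path  # hop limit reached: no ISP reachable


if __name__ == "__main__":
    for up in ({"isp1": True, "isp2": True}, {"isp1": False, "isp2": True},
               {"isp1": False, "isp2": False}):
        print(up, egress("192.168.1.10", up), egress("192.168.1.70", up))
```

With both ISPs down the two metric 10 routes point at each other, so the model only stops at the hop limit and reports no egress.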
