Junix,
its not possible,
user -> squid1 -> dansguardian -> squid2 -> internet
if I remove squid1, then it would look like this
user -> dansguardian -> squid2 -> internet
Yes, this setup is exactly what I have in mind.
where would I apply follow_xff, its only for squid, unless you want it
like this:
You would apply the follow_xff patch to squid2.
Then enable the "forwardedfor" and "usexforwardedfor" on dansguardian
settings.
and enable the follow_xff settings in squid.conf:
---
follow_x_forwarded_for allow localhost
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
---
although you can tunnel squid login through localhost, dansguardian
does not have authentication by MAC address. Unless u have a
workaround please share it then
Squid2 will still handle the authentication via MAC address, squid2 will
not see the connection as being created by DG because of the patch and
the above settings.
I tried this setup the day I read your post because I myself also wants
to know if acl via MAC will work with the patch and it did.
regards,
Kenneth
On 7/7/05, Kenneth Oncinian <[EMAIL PROTECTED]> wrote:
Have you tried the follow_xff patch for squid?
http://devel.squid-cache.org/follow_xff/follow_xff-2.5.patch
Even acl via arp works with this patch, You can then eliminate the first
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
