ipfw + natd + squid + 2 internet connections and a LAN

eculp_at_encontacto.net
Date: 07/31/03

    Date: Thu, 31 Jul 2003 09:19:57 -0700
    To: isp@freebsd.org
    
    

    Our small company has a ds0 connection through our local telco
    that is totally saturated during the day from our outgoing traffic
    and we need it for customer traffic so I added what I thought
    would be a cost effective connection through a local cable provider
    thinking that I could use it with squid and transparent proxy to
    route all the LAN port 80 outgoing traffic first to squid on 3128
    and out through the cable connection. Everything is on the same box.
    I have 3 NICs, rl[0-2]. One for the LAN with 192.168.5.0/24, one for
    our telco connection with 16 IPs and the other for the cable modem
    that is a private network 10.24.194.xxx/20 to access the gateway that
    is 10.24.128.1.

    My ipfw is very simple right now and transparent proxy is working
    perfectly.

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
    65100 divert 8668 ip from any to any via rl0
    65500 allow ip from any to any

    I naively put 10.24.194.xxx as my tcp_outgoing_address thinking
    that the port 80 traffic from squid would route through rl2 or
    10.24.128.1. It doesn't, it routes through rl0 that is the telco
    connection.

    My default route is through the telco connection off rl0.

    I am trying to divert all web traffic, first to squid on the local
    box and then have squid fetch what isn't in cache through rl2. I
    feel like I'm really missing something. I've even tried running
    two instances of natd but wasn't able to get it to work.

    Any suggestions would be appreciated.

    thanks,

    ed

    --
    -------------------------------------------------
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
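
Added illustration, not part of the original message or of any reply to it: a simplified Python model of the posted ruleset and default route, showing why packets that squid sources from its tcp_outgoing_address still leave via rl0, and how a source-matched `fwd` rule to the cable gateway would change the egress interface. The cable address 10.24.194.10, the telco gateway 192.0.2.1, the destination 203.0.113.80 and rule 500 are constructed placeholders or assumptions; natd's address rewriting is not modelled.

```python
import ipaddress

# Constructed placeholders: the post elides the cable-side address
# (10.24.194.xxx) and gives no telco addresses.
CABLE_SRC = "10.24.194.10"
TELCO_GW = "192.0.2.1"
CABLE_GW = "10.24.128.1"                        # gateway named in the post
GW_IFACE = {TELCO_GW: "rl0", CABLE_GW: "rl2"}   # NIC roles as the post describes
DEFAULT_GW = TELCO_GW                           # default route is via rl0

# (number, action, arg, proto, src, dst, dport, via): the posted ruleset
POSTED = [
    (100, "allow", None, "ip", "any", "any", None, "lo0"),
    (200, "deny", None, "ip", "any", "127.0.0.0/8", None, None),
    (300, "deny", None, "ip", "127.0.0.0/8", "any", None, None),
    (400, "fwd", "127.0.0.1,3128", "tcp", "192.168.5.0/24", "any", 80, None),
    (65100, "divert", "8668", "ip", "any", "any", None, "rl0"),
    (65500, "allow", None, "ip", "any", "any", None, None),
]
# Hypothetical added rule: pick the next hop by source address.
POLICY = (500, "fwd", CABLE_GW, "ip", CABLE_SRC, "any", None, None)

def _in(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def egress(rules, proto, src, dst, dport):
    """Single first-match pass; returns (interface or 'local', rules matched)."""
    gw, hits = DEFAULT_GW, []       # the route lookup looks at dst, never at src
    for num, action, arg, rproto, rsrc, rdst, rport, via in sorted(rules):
        if rproto not in ("ip", proto) or not _in(src, rsrc) or not _in(dst, rdst):
            continue
        if rport not in (None, dport) or via not in (None, GW_IFACE[gw]):
            continue
        hits.append(num)
        if action == "deny":
            return None, hits
        if action == "fwd":
            if arg not in GW_IFACE:  # local address: handed to squid on this box
                return "local", hits
            gw = arg                 # remote address: next hop is replaced
        if action != "divert":       # after divert, the search resumes at the next rule
            break
    return GW_IFACE[gw], hits

if __name__ == "__main__":
    WEB = "203.0.113.80"             # constructed destination
    print("posted rules:", egress(POSTED, "tcp", CABLE_SRC, WEB, 80))
    print("with rule 500:", egress(POSTED + [POLICY], "tcp", CABLE_SRC, WEB, 80))
```

In the model, setting the source address alone never changes the interface, because only the destination-based default route and the matching rules decide the next hop.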
    
