[K12OSN] we got DSL! :-)/Routing Discussion

Barry Smoke (bsmoke@bryant.dsc.k12.ar.us)
31 Oct 2002 14:41:31 -0600


This is actually a routing discussion...
here is our predicament:
5 usable IPs on our dsl,
we are giving the bryantar.net domain to one of them, and throwing it on
our webserver/e-mail server

another one, we want to put on our proxy, which is running iptables, and
masquerading internal 10.x.x.x addresses through an ip address of
165.29.94.254 (our existing state t-1 line)

now, we are a school, and we have to use filtering for the time being,
along with APSCN (telnet) traffic having to go out our existing state
t-1 line, so we can't just make our new dsl line the default route....

We want to be able to put in a proxy address with authentication into
our administrative browsers, thus allowing us unlimited access to the
internet through our dsl line (we will be playing with squidguard)
but anyone else will be routed through the default t-1 line for
internet...
that I can tell, squid does not allow you to change the default route it
uses, nor does it allow the change of the port, which would be better,
because you could then write an iptables rule to catch all traffic to
that port, and forward it to eth2(dsl), yet all other port 80 traffic
through eth0

there is another catch:
We also need to write iptables rules that catch certain destination
addresses, and forward them through the new dsl line, instead of the
t-1.  This is for sites that for one reason or another are not working
with the state filter system, yet are essential to our teachers, and
students (myskillstutor.com/skillstutor.com)

I guess squid is the key here....is it possible to change squid from
using default route/port 80?

Any alternatives to squid?

hoping to keep squid, for use with squidguard....

Hoping to avoid using a separate pc for squid....seems like a waste.

_______________________________________________
K12OSN mailing list
K12OSN@redhat.com
https://listman.redhat.com/mailman/listinfo/k12osn
For more info see