squid doesn't work - hardware router, intranet [SOLVED]

karol · n00b Joined: 21 Jun 2005 Posts: 22

Hi,
I just want to make sure...
Is it possible to setup squid in such intranet...
My new employer has hardware router and behind the router there is whole intranet. There is no dns-server, intranet is on dhcp.
And now he wishes to have a squid proxy... Everything would be nice, but he whants me to setup squid inside intranet... Is it possible ?
Router is conneted to inet with dsl and has static ip...

I'am sorry if I wrote something not correctly... (eng. I mean)

Thank you all for your answers.

cheers
_________________
gg: 1910078

think4urs11 · Posted: Tue Jul 26, 2005 7:59 pm Post subject:

global answer: possible without bigger issues

exact: answer: more details needed

Is squid meant do act as proxy between internet and intranet OR is it meant to act as proxy in intranet for intranet?
In the first case dns access from the squid machine towards internet is needed, otherwise it would only be possible to surf the web by ip instead of names like forums.gentoo.org (obviously)...
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

karol · n00b Joined: 21 Jun 2005 Posts: 22

"Is squid meant do act as proxy between internet and intranet OR is it meant to act as proxy in intranet for intranet? "
Well my employer would like a box from intranet to be a proxy for internet...
In my opinion in this case impossible...
Thank you...
_________________
gg: 1910078

think4urs11 · Posted: Tue Jul 26, 2005 8:33 pm Post subject:

karol · n00b Joined: 21 Jun 2005 Posts: 22

than what should I do ?
How to setup a squid box running inside intranet ?
I've lost all the steam, I feel pumped out...
_________________
gg: 1910078

think4urs11 · Posted: Tue Jul 26, 2005 9:11 pm Post subject:

a) the router needs to be default gateway for the squid box
b) the router needs to do NAT for the machine running squid
it is NOT needed to configure any port forwardings on the router - just NAT 'internal ip squidbox'->'external IP on DSL side'
c) the machine running squid needs (at least) outgoing access (to internet) for ports 53/udp, 80/tcp + 443/tcp (dns, http, https)
everything else could be dropped at the router (if not needed otherwise of course)
d) http://gentoo-wiki.com/HOWTO_setup_a_home-server#Configuring_squid; adopt as needed (network address comes to mind)
e) configure all clients which want to have internet access with appropriate proxy settings
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

karol · n00b Joined: 21 Jun 2005 Posts: 22

Think4UrS11 thank you....
I'am going to try this in the afternoon... This way or another thank you...
There are moments, when I just feel hopeless... Yesterday was such a day...
_________________
gg: 1910078

think4urs11 · Posted: Wed Jul 27, 2005 6:32 am Post subject: