• Status: Solved

FC Routing Help

Ok, I am trying to set up some routing on my squid server using iproute2. Basically I would like to set up 2 tables:

Table 1 "Wireless"
Table 2 "Office"

Router
Vlan1 172.16.1.3   |<--------->Eth0 Squid<---->Eth1 Squid|  172.16.1.0 network
Vlan2 192.168.2.3 |                                                        | 192.168.2.0 network

Squid Server
Eth0  192.168.2.2
Eth0:1 172.16.1.2
Eth1 192.168.2.1
Eth1:1 172.168.1.1

What I would like is for all traffic in networks 192.168.2.0 and 172.168.1.0 that goes through Eth1 to be routed out through Eth0 and vice versa.  This way both networks can use the server on the same NIC.  My problem is I can't get a proper start on this because the examples I have found all seem to refer to load balancing 2 ISPs.  Any input on how to accomplish this would be great.

I would also like to note that this is going to be set up as a transparent squid server, so I will have a port forward NAT redirect for port 80 to 3128.

Thanks!
-sam
Asked by: hexfusion

1 Solution

Nopius commented:
It's not clear whether the link between Router and Squid is a trunk with 2 VLANs or just untagged ethernet.

'I would like is for all traffic in network 192.168.2.0, 172.168.1.0 that goes through Eth1 be routed out through Eth0' - you don't need iproute2 functionality for that, just old style routing.

If you need to route
172.16.1.0 to 172.16.1.3
and
192.168.2.0 to 192.168.2.3
then you need iproute2.

Very good book about policy based routing is here: http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html
Also look here:  http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN268

As for transparent squid, I've never used it because a squid failure leads to unavailability of http:// access (even if it's possible to access the internet directly).

Gabriel Orozco (Solution Architect) commented:
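The second case Nopius describes (each subnet sent to its own router address, 172.16.1.3 and 192.168.2.3) is exactly what iproute2 source-based rules do. This is an added example, not code from the thread: it uses the asker's eth0 and router addresses, table numbers 1 and 2 in place of the names "Wireless"/"Office" (names would need entries in /etc/iproute2/rt_tables), and an assumed DRY_RUN switch so the plan can be reviewed without root.

```shell
#!/bin/sh
# Policy routing with two tables (added example, not from the thread).
# DRY_RUN=1 (default) prints each command instead of running it; the real
# commands need root and live interfaces.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# add_policy_table TABLE_ID NET/PREFIX GATEWAY DEV
# Gives table TABLE_ID a connected route for NET plus a default route via
# GATEWAY, then sends packets *sourced* from NET to that table. Without the
# connected route, hosts on the subnet itself would be unreachable from
# inside the table, because table lookups do not fall through to "main".
add_policy_table() {
    tid="$1"; net="$2"; gw="$3"; dev="$4"
    run ip route add "$net" dev "$dev" table "$tid"
    run ip route add default via "$gw" dev "$dev" table "$tid"
    # priority keeps the rules ordered and distinct from the built-in
    # rules 0 (local), 32766 (main) and 32767 (default)
    run ip rule add from "$net" lookup "$tid" priority "$((1000 + tid))"
}

# setup_two_tables: the asker's two subnets, each leaving eth0 towards the
# router's address on the matching VLAN (values assumed from the question).
setup_two_tables() {
    add_policy_table 1 172.16.1.0/24  172.16.1.3  eth0
    add_policy_table 2 192.168.2.0/24 192.168.2.3 eth0
    # flush the route cache so the new rules take effect on older kernels
    run ip route flush cache
}

# verify_tables: what to inspect after applying; in dry-run just prints.
verify_tables() {
    run ip rule show
    run ip route show table 1
    run ip route show table 2
}

setup_two_tables
verify_tables
```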
Hello sam

You cannot route when you have the same network address space on both sides. This will not work.

Fortunately, for what you want to do, you can set up a bridge using eth0 and eth1. That way your box becomes a layer 2 device and all networks can pass freely.

But having a Linux box that way without filtering makes no sense, so here are some links to help you set up Linux as a bridge AND as a firewall:

http://www.tldp.org/HOWTO/Bridge+Firewall.html
http://www.qcc.cuny.edu/CUNY_IT_Conf_Nov19_2004/IT/PPT/Linux%20Bridge%20Firewall_files/slide0001.htm
http://www.sjdjweis.com/linux/bridging/

Hope this helps.

hexfusion (Author) commented:
In the end I decided to keep the squid box using only one NIC, achieving basically the same thing.  Nopius, as with anything critical, making sure you have proper redundancy is the only solution to that.  The plus side of using a proxy in a large network is that it can make a big difference with performance.  We, because of physical constraints, must pipe all bandwidth via high-end VSAT, which is expensive bandwidth.  In a decent-sized network I found a caching proxy to be the only solution to minimizing bandwidth while improving performance.  But everyone's situation is different, of course.
