[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Transparent proxy from different networks

This is a diagram of my networks:


( 192.168.2.0) --                                     [ FW/Proxy ]
                 |                                         |
( 192.168.3.0) -- --> [ MPLS ] <-- [ Router VPN ] ( 192.168.1.0/24 )
                 |
( 192.168.4.0) --

Router VPN is 192.168.1.251 and isn't masquerading
FW/Proxy is 192.168.1.1

Users from 192.168.1.0/24 can browse transparently trough FW/Proxy.
Users from others networks can ping FW/Proxy, ping Internet, tracert
Internet, nslookup hostnames but it seems that REDIRECT rule is breaking
something for them.

Users report that ther internet explorer keeps waiting until times out
without Squid error message.

I'm running Shorewall 3.2.6 and Squid 2.6.5 running on Debian Etch

Paolo escribió:
> On Mon, Oct 06, 2008 at 10:05:28AM -0500, Jason Voorhees wrote:
> 
>> I have a Squid running on 192.168.1.1 listening on 3128 TCP port. Users
> ...
>> But users from differents networks (192.168.2.0/24, 192.168.3.0/24,
>> etc.) can't browse the Internet. Those networks are connected to
>> 192.168.1.0/24 via a VPN connection.
> 
> 1st off, can they even connect to 192.168.1.1? eg if you have (also) an 
> HTTPD there, can they see it? can they ping 192.168.1.1 or any 192.168.1.0/24?
> Is the VPN daemon running on 192.168.1.1 as well?
>
Reply to: