I have a made my squid proxy, I now have add another nic card to an old CPU using Ubuntu server 12.04. I have seen another post similar however I am new and did not understand some of it. Something about redirecting IP address and IP table?
I don't know how to do this.
Are you looking for a firewall-router sort of use of the two nics, no just faillover or bandwidth? For that, the routing should take care of it.
I believe that is correct place it like a firewall.. it would be: internet modem, then proxy, then rest of computers. The computers would have to sign on to proxy to get to the internet. That is possible for squid? We want to monitor users because we have terminals and we do not have active directory users, so the users would be created in the squid proxy. This is possible and the best way to do correct? I didn't think a transparent proxy would do what we wanted.
I was just told i need to create a file server.
Currently, we started with a vendor proxy server. We then added n-computing (terminals) with windows 2008 server r2.. terminal server. (no active directory)
Now I am creating a proxy server (out of old parts) and it is to take the place of the vendor proxy. the vendor proxy has a user list and passwords for login on the internet.
And next project is to create a file server.
thanks
Yes, you are describing a proxying firewall. Offhand, there are three ways through a firewall: 1) connect to a proxy that connects out for you (no packets traverse the firewall, it is done at the tcp stream level). 2) NAT, iptables and similar translators where your IP and sometimes tcp/udp port are changed to different ones assigned to the firewall for this (Your internal IPs are not used past the firewall) and 3) barefoot selected packet passage (you hosts are given limited Internet exposure, need good IP addresses). Characteristically, 1 can handle less volume than 2 which is more work for the firewall than 3.
For a proxy firewall, you do not want/need to turn on IP Forwarding, which makes the 2 nic host a router. Users connect to you, and you connect for them to the Internet, but no packets flow through. The routing is inward for inward addresses, which can be free ones like 10.*.*.* and outward for the rest. It is very simple to set up. In addition to squid, there are additional proxies like tcp_relay and sockd to shoot tcp connections through the firewall for other simple tcp protocols.
So number 3 is easy and good for 100 so users? How do I do it.
#3 is easy on the firewall, as it is just a filtering router, but all hosts require real IP addresses. Some firewall software can do packet inspection for viruses, I hear. That would up the ante for firewall CPU and RAM usage. For 100 users, all are probaly OK. You need to consider how many are on the net, how many are doing web with lots of little GETs, especially if they do not use HTTP/1.1 persistent connections. With proxy, that has higher overhead. And how many are doing high bandwidth, heavy data transfer -- web backup or movie download, for instance. Web proxy gives you a lot of monitoring and control options.
the maximum scenario would be 150 with max usage and the least 10. This is for a school Prek-12. I have squid with Webmin is that enough or do i have to download something else opensource? And I have no budget (private school with the one of the lowest tuition). Has to be easy for a layman to maintain.. if I leave. #3 will fit that? (Sorry..This has been the most confusing part of this process .. you say web proxy?) I have to have a proxy onsite?
No, I would stick with #1 the web proxy squid. Should be pretty easy to set up. Make it a DNS server, too, so it has a local cache of IPs.
Great.. how do I set it up as the dns server (i have the webmin going and the squid going I just need to know how to connect it with the internet and computers). Is there some documentation somewhere? I am new to linux had to do some things in unix years.....ago. so i have some knowledge but somethings i am not sure or remember how to do.
For just a caching server, you skip most of the steps. You resolv.conf (client config) points to the local host and the DNS can have the ISP name servers as root name servers. When it wants to know what is not cached, it asks them, and they tell it either the answer, there is no answer or where to go. Quick HOWTO : Ch18 : Configuring DNS - Linux Home Networking