Squid with multiple IP segment

[wizzkid]

Hi,

I've setup Squid - DHCP - Transparent Proxy with the following
eth0 = connected to internet
eth1 = connected to lan. (192.168.1.1)

I want to create multiple ip segment on this server.

eg.
192.168.1.1 = to be assigned on Department 1
192.168.2.1 = to be assigned on Department 2
192.168.3.1 = to be assigned on Department 3

1. Now, based on MAC address, the server will give IP, let say if the mac address xxxxxx belongs to department 3 dhcp will give 192.168.3.23

2. Also, I want to restrict bandwidth on those segment. let say, 192.168.1.1 will have 1mbps only. etc.

Is there a way to configure the above ?
Is it possible to configure that way with 2 NIC on my server?

Pls help.

[Lazydog]

Hi,

I've setup Squid - DHCP - Transparent Proxy with the following
eth0 = connected to internet
eth1 = connected to lan. (192.168.1.1)

What is the mask set on this interface?
How are the other networks connected to this system?

I want to create multiple ip segment on this server.

eg.
192.168.1.1 = to be assigned on Department 1
192.168.2.1 = to be assigned on Department 2
192.168.3.1 = to be assigned on Department 3

This is possible.

1. Now, based on MAC address, the server will give IP, let say if the mac address xxxxxx belongs to department 3 dhcp will give 192.168.3.23

Well you are going to have to setup your network in dhcp.conf. One configuration per network with everything that is needed. Forget about the MAC address issues as dhcp look at what network the request comes from and assign accordingly. Only time you need to think about MAC Addresses is when you want a certain machine to always get the same ip address.

2. Also, I want to restrict bandwidth on those segment. let say, 192.168.1.1 will have 1mbps only. etc.

Look at this SITE

Is there a way to configure the above ?
Is it possible to configure that way with 2 NIC on my server?

Pls help.

As long as all dhcp requests are sent to your system then it should be possible. DHCP requests are broadcasts so they will have to be directed to your server if your server is not connected to those networks.

[wizzkid]

What is the mask set on this interface?

- Currently, I am using 255.255.255.0, planning to change it to 255.255.0.0 so 192.168.x.x will be reacheable.

How are the other networks connected to this system?

Basically, I have a very simple network. I have 50 workstation connected to a switch, then to my Squid server.

Squid server have 2 NIC, 1 connected to internet (eth0), and another 1 is connect to Local LAN (eth1).

I just want to separate the department based on IP segment and assign a max bandwidth each department can use. I have 5mbps Fiber Optics line, and I want each department to have its own share. The reason is because I want to have more bandwidth for management dept., and so they will not be effected if somebody is downloading large files from other department.

Here's my DHCPD.CONF

Code:

ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

# --- default gateway
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;

        option nis-domain               "proxy";
        option domain-name              "proxy";
        option domain-name-servers       8.8.8.8, 8.8.4.4;

        option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

#       range dynamic-bootp 192.168.1.10 192.168.1.100;
#       default-lease-time 21600;
#       max-lease-time 43200;

# DHCP Reservation

host PC1 {
   hardware ethernet 56:AY:3E:E4:45:01;
   fixed-address 192.168.1.100; }

host PC2 {
   hardware ethernet C9:CB:8D:3D:E6:S4;
   fixed-address 192.168.1.101; }


}

based on the above dhcpd.conf, please let me know how can I configure it to handle other ip segments, 192.168.2.* and 192.168.3.*


Thanks!

[Lazydog]

Here is the issue. You are going to have to create some way of separating the departments. Using a class B network everything is going to be on the same broadcast domain thus everything is going to look the same network wise.

You do have options and they range from easy to hard when it come to implementation. Since I do not know your business setup or the depth of your knowledge it is not going to be easy to say which one will work best for you.

Option one would be to invest in more hardware so that you can physically separate the different department. Add network cards to your system and switches for each department.

Option two would be to place everyone on the same network and then limit their bandwidth usage with Squid.

Option three would be to build VLANs for the different departments and manage them that way.

I believe option two would be the best options at this point in time.
I have never setup VLANs on a linux system so I wouldn't be mush help there. I use option one for my network.

[wizzkid]

I think I would go for option 2

Option two would be to place everyone on the same network and then limit their bandwidth usage with Squid.

1. How can I limit their bandwidth ?

2. Can I specify which user or groups ?
let say, marketing dept group will have this amount of bandwidth ?

Also, would like to implement delay poll, is there any way to adjust the bandwidth allowed for certain file extension? Also, can I have exemption, let say one of the manager request for full bandwidth temporarily, other will have limit on their download based on Delay Pool, except for one IP addresses (IP of manager),

I am using ACL on squid, only those ip addresses listed can actually use the internet.

Code:

acl WIFI src 192.168.1.2
http_access allow WIFI

acl Max src 192.168.1.100
http_access allow Max

acl Paul src 192.168.1.101
http_access allow Paul

acl Cindy src 192.168.1.102
http_access allow Cindy

http_access deny all

Hope you can help

[Lazydog]

You could take a look at one of the following to guide you through Squid setup.

tldp
HowtoForge

Then there is always Google for searching.