  1. #1
    Just Joined!
    Join Date
    Jan 2011
    Posts
    44

    Squid with multiple IP segment


    Hi,

    I've set up Squid - DHCP - Transparent Proxy with the following
    eth0 = connected to internet
    eth1 = connected to lan. (192.168.1.1)

    I want to create multiple IP segments on this server.

    eg.
    192.168.1.1 = to be assigned on Department 1
    192.168.2.1 = to be assigned on Department 2
    192.168.3.1 = to be assigned on Department 3

    1. Now, based on MAC address, the server will give IP, let's say if the MAC address xxxxxx belongs to department 3, DHCP will give 192.168.3.23

    2. Also, I want to restrict bandwidth on those segments. Let's say 192.168.1.1 will have 1mbps only, etc.

    Is there a way to configure the above ?
    Is it possible to configure that way with 2 NIC on my server?

    Pls help.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Originally posted by wizzkid:
    Hi,

    I've set up Squid - DHCP - Transparent Proxy with the following
    eth0 = connected to internet
    eth1 = connected to lan. (192.168.1.1)
    What is the mask set on this interface?
    How are the other networks connected to this system?


    I want to create multiple IP segments on this server.

    eg.
    192.168.1.1 = to be assigned on Department 1
    192.168.2.1 = to be assigned on Department 2
    192.168.3.1 = to be assigned on Department 3
    This is possible.

    1. Now, based on MAC address, the server will give IP, let's say if the MAC address xxxxxx belongs to department 3, DHCP will give 192.168.3.23
    Well, you are going to have to set up your network in dhcp.conf. One configuration per network with everything that is needed. Forget about the MAC address issues, as dhcp looks at what network the request comes from and assigns accordingly. The only time you need to think about MAC addresses is when you want a certain machine to always get the same IP address.

    2. Also, I want to restrict bandwidth on those segments. Let's say 192.168.1.1 will have 1mbps only, etc.
    Look at this SITE

    Is there a way to configure the above ?
    Is it possible to configure that way with 2 NIC on my server?

    Pls help.
    As long as all dhcp requests are sent to your system then it should be possible. DHCP requests are broadcasts so they will have to be directed to your server if your server is not connected to those networks.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Jan 2011
    Posts
    44
    What is the mask set on this interface?
    - Currently, I am using 255.255.255.0, planning to change it to 255.255.0.0 so 192.168.x.x will be reachable.

    How are the other networks connected to this system?
    Basically, I have a very simple network. I have 50 workstations connected to a switch, then to my Squid server.

    The Squid server has 2 NICs, 1 connected to the internet (eth0), and another 1 connected to the local LAN (eth1).

    I just want to separate the departments based on IP segment and assign a max bandwidth each department can use. I have a 5mbps Fiber Optics line, and I want each department to have its own share. The reason is because I want to have more bandwidth for the management dept., so they will not be affected if somebody is downloading large files from another department.

    Here's my DHCPD.CONF
    Code:
    ddns-update-style interim;
    ignore client-updates;
    
    subnet 192.168.1.0 netmask 255.255.255.0 {
    
    # --- default gateway
            option routers                  192.168.1.1;
            option subnet-mask              255.255.255.0;
    
            option nis-domain               "proxy";
            option domain-name              "proxy";
            option domain-name-servers       8.8.8.8, 8.8.4.4;
    
            option time-offset              -18000; # Eastern Standard Time
    #       option ntp-servers              192.168.1.1;
    #       option netbios-name-servers     192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    #       option netbios-node-type 2;
    
    #       range dynamic-bootp 192.168.1.10 192.168.1.100;
    #       default-lease-time 21600;
    #       max-lease-time 43200;
    
    # DHCP Reservation
    
    host PC1 {
       hardware ethernet 56:AY:3E:E4:45:01;
       fixed-address 192.168.1.100; }
    
    host PC2 {
       hardware ethernet C9:CB:8D:3D:E6:S4;
       fixed-address 192.168.1.101; }
    
    
    }
    Based on the above dhcpd.conf, please let me know how I can configure it to handle other IP segments, 192.168.2.* and 192.168.3.*


    Thanks!

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Here is the issue. You are going to have to create some way of separating the departments. Using a class B network everything is going to be on the same broadcast domain thus everything is going to look the same network wise.

    You do have options and they range from easy to hard when it comes to implementation. Since I do not know your business setup or the depth of your knowledge it is not going to be easy to say which one will work best for you.

    Option one would be to invest in more hardware so that you can physically separate the different departments. Add network cards to your system and switches for each department.

    Option two would be to place everyone on the same network and then limit their bandwidth usage with Squid.

    Option three would be to build VLANs for the different departments and manage them that way.

    I believe option two would be the best option at this point in time.
    I have never set up VLANs on a Linux system so I wouldn't be much help there. I use option one for my network.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #5
    Just Joined!
    Join Date
    Jan 2011
    Posts
    44
    I think I would go for option 2

    Option two would be to place everyone on the same network and then limit their bandwidth usage with Squid.
    1. How can I limit their bandwidth?

    2. Can I specify which user or groups?
    Let's say, the marketing dept group will have this amount of bandwidth?

    Also, I would like to implement delay pools. Is there any way to adjust the bandwidth allowed for certain file extensions? Also, can I have an exemption? Let's say one of the managers requests full bandwidth temporarily; others will have a limit on their download based on Delay Pool, except for one IP address (IP of manager).

    I am using ACL on squid, only those ip addresses listed can actually use the internet.

    Code:
    acl WIFI src 192.168.1.2
    http_access allow WIFI
    
    acl Max src 192.168.1.100
    http_access allow Max
    
    acl Paul src 192.168.1.101
    http_access allow Paul
    
    acl Cindy src 192.168.1.102
    http_access allow Cindy
    
    http_access deny all

    Hope you can help
    Last edited by wizzkid; 01-17-2011 at 03:23 AM.

  6. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You could take a look at one of the following to guide you through Squid setup.

    tldp
    HowtoForge

    Then there is always Google for searching.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
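
Option two from post #4, applied to the questions in post #5 (per-department limits, a file-extension limit, one exempt host), as an added squid.conf example that is not part of the thread. The department ranges, the exempt address, the extension list and every rate are assumptions chosen for illustration.

```squidconf
# Added example; addresses, ranges and rates are constructed, not from the thread.
# Needs Squid built with delay pools (--enable-delay-pools). Rates are bytes/s:
# 1 Mbit/s = 125000 B/s, so the 5 Mbit/s line is 625000 B/s in total.

# Department ranges inside the single /24 (assumed to match DHCP reservations)
acl dept_mgmt      src 192.168.1.10-192.168.1.49
acl dept_marketing src 192.168.1.50-192.168.1.99
acl dept_other     src 192.168.1.100-192.168.1.199
# Host temporarily exempt from every pool (assumed address, inside dept_mgmt)
acl exempt_pc src 192.168.1.10
# Large downloads, matched on the file extension in the URL path
acl big_files urlpath_regex -i \.(iso|zip|rar|exe|avi|mp4)$

# A request lands in the first pool whose delay_access allows it, so the
# file-extension pool comes before the department pools.
delay_pools 4

# Pool 1 (class 1, one shared bucket): big files, 512 kbit/s for everyone together
delay_class 1 1
delay_parameters 1 64000/64000
delay_access 1 deny exempt_pc
delay_access 1 allow big_files
delay_access 1 deny all

# Pool 2 (class 2, shared + per-host bucket): management, 2 Mbit/s, no per-host cap
delay_class 2 2
delay_parameters 2 250000/250000 -1/-1
delay_access 2 deny exempt_pc
delay_access 2 allow dept_mgmt
delay_access 2 deny all

# Pool 3: marketing, 1 Mbit/s shared, 256 kbit/s per host
delay_class 3 2
delay_parameters 3 125000/125000 32000/32000
delay_access 3 allow dept_marketing
delay_access 3 deny all

# Pool 4: remaining department range, 1 Mbit/s shared, 128 kbit/s per host
delay_class 4 2
delay_parameters 4 125000/125000 16000/16000
delay_access 4 allow dept_other
delay_access 4 deny all

# exempt_pc matches no pool and is not throttled. Only the department
# ranges may use the proxy; everything else is still denied.
http_access allow dept_mgmt
http_access allow dept_marketing
http_access allow dept_other
http_access deny all
```

Delay pools only shape traffic that actually passes through Squid, so on an intercepting setup anything not redirected to the proxy is outside these limits. The `src` ACLs trust the client's IP address, which on one broadcast domain is whatever the host configures, so remove the `exempt_pc` lines once the temporary exemption ends.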
