Demand dial on Winroute Pro+ Squid server proxy?
From: Michail Pappas (unreal@is.invalid) Date: 03/13/02
From: "Michail Pappas" <unreal@is.invalid> Date: Wed, 13 Mar 2002 08:38:18 +0200
Hello all,
I am currently testing the following, so I'd appreciate some advice on the
subject: a small LAN connected to a winroute pro 4.1 server. The LAN obtains
addresses from winroute's DHCP server (including DNS - the one of the DNS
forwarder). On the windows 2000 professional-based winroute pro system I've
installed Squid for NT (HTTP/FTP proxy) instead of the proxy bundled with
winroute, since the former has excellent performance characteristics. All
systems (LAN _and_ server) are configured to connect through the Squid proxy
for HTTP/FTP traffic. Since Squid listens to port 3128 (the same as the
winroute HTTP proxy does), winroute's proxy was disabled. Fact is, that
winroute's proxy was not needed, at least for caching purposes.
Again on the same system, a dial-up connection is used to provide access to
the net. This connection should be made on-demand, and controlled by
winroute. This way, the connection can be automatically closed by winroute,
after a certain time of inactivity.
Now the problem is exactly this one: winroute can open and subsequently
close a dial-up connection when one of the following happens:
(a) when a client system makes a DNS request specifically to winroute's DNS
forwarder or
(b) when winroute's built-in proxy is used to connect to a site, or
(c) a TCP/UDP packet must be routed through Winroute.
My problem here is that utilizing Squid means that all client connections are
passing _through_ the winroute system; instead they are terminated there.
Squid subsequently opens new connections to origin servers, thus bypassing
"routing" functions.
This is clearly what I want to avoid in this case. That is, I am looking for
a possible way to make Squid interact with winroute in one of the cases
(a)-(c) above, in order for winroute to automatically demand dial/hang-up.
A possible solution is the following: enable winroute's proxy (with the
cache function disabled) on port say 45000 and configure Squid to send its
requests to the winroute proxy. Advantage: demand dialing works.
Disadvantage: unnecessary load on the server system.
Another one that I have tried (but failed) is enabling "use nat for this
system" in the dial-up connection RAS properties (winroute's interfaces
menu). I was hoping that by doing that, outgoing (i.e. to origin servers)
TCP connections made by Squid would trigger Winroute's dialing, per case (c)
above. It did not work and I am quite curious to know why...
In any case, could some advice be offered on how demand dial can be obtained
in this scenario, _without_ utilizing winroute's HTTP/FTP proxy _but_ using
the automatic dialing functionality of winroute?
For the technically inclined:
- the internal LAN has addresses in a 192.168.0.2-11 range (subnet
255.255.255.0), obtained from a relevant DHCP scope from winroute
- server's LAN interface: 192.168.0.1/255.255.255.0
- squid is configured to listen on port 3128 ONLY on the 192.168.0.1
interface
- besides HTTP access, other types of access from the LAN to the net will be
possible (i.e. ICQ, gaming, IRC etc). I am just trying to "optimize"
HTTP/FTP traffic from/to the LAN here.
Thanks in advance for any information
Michael.-
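
The parent-proxy workaround described in the message above, sketched as a squid.conf fragment. This is an added example, not part of the original post. The port 45000, the 192.168.0.1:3128 listener and the LAN range come from the message; the loopback address for WinRoute's proxy and the ACL names are assumptions.

```conf
# Added illustration, not from the original post.
# Listen only on the LAN interface, as the post describes.
http_port 192.168.0.1:3128

# Parent proxy: WinRoute's HTTP proxy moved to port 45000 (port from the post).
# 127.0.0.1 is an assumption; use whichever address WinRoute's proxy binds to.
# 0 = no ICP port, no-query = never send ICP queries, default = last-resort parent.
cache_peer 127.0.0.1 parent 45000 0 no-query default

# Squid 2.x style catch-all ACL (later Squid releases predefine "all").
acl all src 0.0.0.0/0.0.0.0
# LAN clients and the server's own LAN address (192.168.0.0/24 from the post).
acl lan src 192.168.0.0/255.255.255.0

# Send every cache miss to the parent, so Squid never opens its own
# connection to an origin server and the request passes through the
# WinRoute proxy instead (case (b) in the post).
never_direct allow all

# Only LAN addresses may use the proxy; everything else is refused.
http_access allow lan
http_access deny all
```

Squid still serves cache hits locally; only misses reach the parent, which is the extra hop the post counts as the disadvantage of this approach.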