Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 15 December 2024, 12:55:14 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Filter two RED interfaces through Proxy
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Filter two RED interfaces through Proxy  (Read 21602 times)
Gavin
Full Member
***
Offline Offline

Posts: 20


« on: Saturday 07 November 2009, 06:11:27 am »

Hey EFW Community!

I'm working on setting up a firewall with a single GREEN interface (192.168.0.1) and two RED interfaces which connect to two different ISP's. I'll call them ISP-A and ISP-B.

What I'm trying to do is have most of the staff use ISP-A for their connection. However, we have a select few that need a dedicated line. This is where ISP-B comes in. I've defined the MAC address of the selected computers to use ISP-B in the Network -> Routing -> Policy Routing area.

This works as expected. But, if I enable the Proxy service for content filtering, all traffic is forced through the "main" RED interface (ISP-A). If I disable Proxy, it again works as expected, the defined MAC addresses use ISP-B and everybody else goes through ISP-A.

My question is, how do I get the proxy to work with both RED interfaces? Its obvious that this is the problem, but I dont have much experience working with Squid or DansGuardian.

Any suggestions, links to resources etc. would be appreciated.
Logged
Gavin
Full Member
***
Offline Offline

Posts: 20


« Reply #1 on: Tuesday 10 November 2009, 05:49:19 am »

Anybody?
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #2 on: Tuesday 10 November 2009, 06:47:43 am »

You would need to define proxy access policys for the different users, then use a custom squid configuration defining the tcp_outgoing_address for the created ACL that matches your access policy.

http://www.squid-cache.org/Doc/config/tcp_outgoing_address/
Logged
Gavin
Full Member
***
Offline Offline

Posts: 20


« Reply #3 on: Tuesday 10 November 2009, 07:02:01 am »

Thanks npeterson. I'll post back if I get this sorted.
Logged
Gavin
Full Member
***
Offline Offline

Posts: 20


« Reply #4 on: Wednesday 11 November 2009, 03:56:50 am »

What I ended up doing is splitting the services across the two ISPs instead of a workstation IP or MAC address.

For example, all users go through ISP-A for web-browsing, which is fed through the web proxy and content filter, and all high bandwidth traffic such as FTP are fed through ISP-B. Not only is this available in EFW without modification, but makes it quite easy to load balance traffic by simply defining routing policies.

Thanks again for your help.

Gavin
Logged
yuthakarn
Jr. Member
*
Offline Offline

Posts: 1


« Reply #5 on: Wednesday 13 January 2010, 08:07:54 pm »

Gavin, can you give me a hint to do this.
I tried but it's not success. If I turn on http proxy, the routing policies don't work.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com