Your hardware suggestion are overkill. I manage a 8 GB gateway at a client site that runs Squid for over 200 users while also scanning all their inbound email. Hardly breaks a sweat.
I'd put the Squid box behind the final router that connects upstream to the Internet. So you would assign eth0 an address in the router's subnet. If the router has its "LAN" connection as 192.168.1.1, you would use 192.168.1.2 on eth0. You can have additional Ethernet connections just by defining eth2, eth3, etc. You probably want to use static addressing on this box by adding stanzas to /etc/network/interfaces like this:
Code:
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.3.1
netmask 255.255.255.0
Notice only the interface pointing upstream has a "gateway" entry.
If you go the transparent route, then you can differentiate between you and your neighbors by only redirecting their traffic through the proxy. You'll need an iptables rule like this:
Code:
/sbin/iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-port 3128 -s 192.168.3.0/24 --dport 80
That routes traffic coming from 192.168.3.0/24 through the Squid cache, but leaves traffic from 192.168.2.0/24 alone.
Bookmarks