Phillip, If all the stations on your network have public IP addresses and you have one free for the new proxy server then you only need to set up one NIC. Use the router IP address as the default gateway. Since you get the IFL filtered service you will need to configure Squid to use the IFL cache farm as a parent. Here's the config fragment: cache_peer icpcache-1.rmplc.co.uk parent 8080 3130 no-digest cache_peer icpcache-2.rmplc.co.uk parent 8080 3130 no-digest cache_peer icpcache-3.rmplc.co.uk parent 8080 3130 no-digest cache_peer icpcache-4.rmplc.co.uk parent 8080 3130 no-digest # define the local network acl local-network dst 212.132.119.128/255.255.255.192 acl all src 0.0.0.0/0.0.0.0 # force all requests for local resources to go direct always_direct allow local-network # force all requests for non-local resources to go via a parent never_direct allow all You will need to reconfigure the browsers on all your stations to use your new proxy. By default Squid will listen on port 3128 wheras the IFL proxies listen on port 8080. If you want to keep your local proxy consistent then add this to the Squid config: http_port 8080 You might also want to increase the cache hit ratio by tweaking the refresh pattern: refresh_pattern ^ftp: 1440 80% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 1440 80% 4320 reload-into-ims Also, Squid by default denies all clients so you need to add this line at the end of the http_access section: http_access allow all Regards, Simon.
Hi, Nick. I always think of you as Swiss Nick!!!
Thanks for the help.
What make is the ISDN router? Do you administer it or have any control over it? I'm thinking that you could:
It is an Ascend, I believe. I am not at school so cannot check at the moment. We have full control over our network - the router sits next to the server and we can do with it what we wish. We connect to the Internet using IFL (an RM company). The router is a standard 2x64K ISDN 2e affair.
I presume you don't have a range of "legal" Internet IP addresses for use on your network and some kind of Network Address Translation occurs either at your ISDN router or at your ISP before your traffic reaches the Internet?
Actually we do, if I read you correctly. We have range of IP addresses we can use. Each machine on the network has its own IP address and can be pinged from outside. We run our own mail server too, using NT Mail (although mail is collected globally from the ISP using POP3) so we have quite a nice little system.
Does this make things easier?