
Route to squid Proxy

Hi Team

I have multiple VMs in one network. All the VMs have private IP addresses and a Cloud NAT to support egress traffic.

I have installed Squid proxy in one of the VMs to filter web traffic.

I have added a route with source 0.0.0.0/0 and next hop is my squid VM.

But none of my VMs can access the internet.

I am trying to achieve this: VM -> Squid VM -> NAT -> Internet gateway


Hi @smalle1 ,


@smalle1 wrote:

I have added a route with source 0.0.0.0/0 and next hop is my squid VM.


You mentioned you added a route with a source of 0.0.0.0/0, which means all traffic will be routed through the Squid VM. However, from the looks of it, this might not be correct since your VMs have private IP addresses. I suggest you should configure the route on each VM with the source as its own private IP address.

For example:

If your Squid VM has a private IP address of 10.0.0.2 and your other VMs have private IP addresses of 10.0.0.3 and 10.0.0.4, then, you should add the following routes on the VMs with IP addresses 10.0.0.3 and 10.0.0.4:

VM 10.0.0.3: route add default gw 10.0.0.2
VM 10.0.0.4: route add default gw 10.0.0.2

Also, on the other hand, please check if Squid configuration allows HTTP/HTTPS traffic and has the correct ACL settings. 

Add to it that your Cloud NAT configuration allows SNAT (Source Network Address Translation) for the Squid VM's private IP address. This will allow the Squid VM to translate the private IP address to the Cloud NAT's public IP address when forwarding traffic to the internet.

Let me know if this helps.

Hi Marvin

I have tried to add the routes as per your suggestion. I do not see a source option while creating a static route; I have added an instance tag as per below. I am getting an error which I am pasting below. Am I missing anything here?

Hi Marvin,

I was trying to add the route command and got the following error:

10.0.2.3 is the IP of machineB

machineA: sudo route add default gw 10.0.2.3
                     SIOCADDRT: Network is unreachable

I also tried netcat. I have squid VM running in port 3128.

MachineA: nc -vz 10.0.2.3 3128
                    Connection to 10.0.2.3 3128 port [tcp/*] succeeded!

Could you please let us know what went wrong? Does it matter which port we run the Squid proxy on in machineB?
Is there any way we can use the GCP routes service or something to route traffic to the Squid VM instead of directing to the default gateway? The current approach is good; it's just that we have to update routes in each VM.

Thanks 

Akhil
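
An added example, not part of the original posts: a Python check that reproduces the on-link test behind the `SIOCADDRT: Network is unreachable` error above, while `nc` to the same address still succeeds through the existing default route. It assumes machineA's interface holds a /32 address with only the subnet gateway directly reachable, as is usual for Compute Engine guests; the route tables, interface names and the 10.0.2.1 and 10.0.2.2 addresses are constructed samples.

```python
import ipaddress

# Constructed sample of `ip route show` output, modelled on a guest whose
# interface holds a /32 address (assumption, not taken from the thread).
SAMPLE_ROUTES = """\
default via 10.0.2.1 dev ens4 proto dhcp src 10.0.2.2 metric 100
10.0.2.1 dev ens4 proto dhcp scope link src 10.0.2.2 metric 100
"""

# Constructed sample for comparison: a conventional LAN with an on-link /24.
SAMPLE_ROUTES_LAN = """\
default via 10.0.2.1 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.2
"""


def parse_routes(text):
    """Return (network, via_or_None, device) for each unicast route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        via = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, via, dev))
    return routes


def gateway_is_on_link(route_text, gateway):
    """True if a directly connected route (one without `via`) covers the
    proposed gateway. Without one, `route add default gw <gateway>` is
    rejected, because a next hop cannot itself sit behind another gateway."""
    gw = ipaddress.ip_address(gateway)
    return any(via is None and gw in net
               for net, via, _dev in parse_routes(route_text))


if __name__ == "__main__":
    for name, table in (("/32 guest", SAMPLE_ROUTES), ("/24 LAN", SAMPLE_ROUTES_LAN)):
        for gw in ("10.0.2.1", "10.0.2.3"):
            print(f"{name}: gateway {gw} on-link = {gateway_is_on_link(table, gw)}")
```
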

Make sure that your Squid VM has proper IP forwarding enabled, and verify that your firewall rules allow traffic from the VMs to the Squid VM and beyond. I had a similar issue once and found that adding specific routes for the internal network and checking NAT rules helped. Also, for another project, I used (URL Removed by Staff) from Proxidize when I needed an extra layer of traffic handling. It was pretty effective in bypassing certain network limitations, so it might be worth considering if you’re still having trouble with your setup.

Also consider the managed solution SWP

https://cloud.google.com/secure-web-proxy/docs/overview