[squid-users] Transparent Squid Proxy Server

Reet Vyas reet.vyas28 at gmail.com
Tue Jun 2 12:31:15 UTC 2015


I am trying to configure a transparent Squid proxy on Ubuntu 14.04 Server, and
I am using Squid version 3.3.

My LAN and WAN settings:

eth0      Link encap:Ethernet  HWaddr 00:1e:67:cf:59:74
          inet addr:116.72.*.*  Bcast:116.72.155.255  Mask:255.255.252.0
          inet6 addr: fe80::21e:67ff:fecf:5974/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:238950 errors:0 dropped:0 overruns:0 frame:0
          TX packets:236104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22219047 (22.2 MB)  TX bytes:17390502 (17.3 MB)
          Interrupt:16 Memory:d0a00000-d0a20000

eth1      Link encap:Ethernet  HWaddr 00:1e:67:cf:59:75
          inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:67ff:fecf:5975/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:96965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11785 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10764615 (10.7 MB)  TX bytes:7151763 (7.1 MB)
          Interrupt:17 Memory:d0900000-d0920000

My squid.conf file:

acl mynet src 116.72.152.37 192.168.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow mynet
http_access allow localhost
http_access allow all
http_port 3128
cache_dir ufs /usr/local/cache 10000 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200
refresh_pattern .        0    20%    4320


But when I use 192.168.0.200 as the gateway on my client machine ... the internet
is not working and I can't see logs in access.log.

But when I use this IP in my browser, it is working and showing logs, but
with my TP-Link router as gateway, i.e. 192.168.0.1.

iptables rules:
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.0.200:3128
2    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination


Please tell me what I am missing in my iptables and squid3 configuration. I
tried both the transparent and the intercept options, but I think I have an issue
with iptables, or maybe a configuration issue.
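
The following Python check is an added example, not part of the original post: it audits the directives from the posted squid.conf for two things a reviewer would look at on an intercepting proxy, an `http_port` with no `intercept` (older spelling `transparent`) or `tproxy` flag, and a catch-all `http_access allow all`. The trimmed config is a constructed sample, and port 3129 in the corrected variant is an assumed value.

```python
# Added example: audit squid.conf directives for interception and access rules.
# POSTED_CONF is a constructed sample trimmed from the config in the post.
POSTED_CONF = """\
acl mynet src 116.72.152.37 192.168.0.0/16
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow mynet
http_access allow localhost
http_access allow all
http_port 3128
"""

# Corrected variant: the final rule denies, and a separate port (3129 is an
# assumed value) is marked for NAT-intercepted traffic.
HARDENED_CONF = (POSTED_CONF.replace("http_access allow all", "http_access deny all")
                 + "http_port 3129 intercept\n")

# http_port mode flags that make Squid treat connections as intercepted.
INTERCEPT_FLAGS = {"intercept", "transparent", "tproxy"}


def directives(conf_text):
    """Yield (lineno, name, args) per directive; comments and blanks skipped."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield lineno, name, args


def audit(conf_text):
    """Return a list of (lineno, finding) tuples, empty when both checks pass."""
    findings, ports = [], []
    for lineno, name, args in directives(conf_text):
        if name == "http_port" and args:
            ports.append((lineno, INTERCEPT_FLAGS & set(args[1:])))
        elif name == "http_access" and args == ["allow", "all"]:
            # Every client that passes the earlier deny rules is allowed.
            findings.append((lineno, "allow-all"))
    if ports and not any(flags for _, flags in ports):
        # No listener will treat traffic redirected by iptables as intercepted.
        findings.append((ports[0][0], "no-intercept-port"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```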