[squid-users] Transparent Squid Proxy Server

Reet Vyas reet.vyas28 at gmail.com
Wed Jun 3 06:50:57 UTC 2015


Hi,

Thanks for the reply. As of now we don't have a router; I have directly
connected my machine to the internet and the other to the LAN, and I have
configured an Ubuntu client machine to test Squid, which is on the switch
where other users are connected using the gateway of the router, 192.168.0.1.

I read your valuable suggestions, but I am still confused about the iptables
and Squid 3.3 settings, and the transparent and intercept options.

root at squid:/home/squid#   ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff
    inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:67ff:fecf:5974/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.200/24 brd 192.168.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:67ff:fecf:5975/64 scope link
       valid_lft forever preferred_lft forever

root at squid:/home/squid#  ip -4 route show
default via 116.72.152.1 dev eth0
116.72.152.0/22 dev eth0  proto kernel  scope link  src 116.72.152.37
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.200





To use transparent/intercept, what do I have to set in my config file:
http_port 3128 intercept or transparent?

And for the iptables rules, I have tried these rules:

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

But they are not working.

Can you please tell me the firewall rules and let me know why my firewall
rules are not working.

On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <kl at vsen.dk> wrote:

> Amos Jeffries wrote on 06/02/2015 04:34 PM:
>
>> On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:
>>
>>> I have this in my squid server for it to work:
>>>
>>
>> The key words there are ... *in my Squid server*
>>
> indeed :)
>
>
>> NOTE to Klavs:
>>    loading the "multiport" kernel module seems overkill for a single-port
>> match.
>>
> it's Puppet's firewall module.. haven't had enough time to fix that
> module :)
>
>
>> FYI: DONT_VERIFY_PEER, "always_direct allow all", and
>> "sslproxy_cert_error allow all" have not been good ideas since 3.2.
>> dont-verify actually inhibits the Mimic functions which give
>> server-first bumping most of its usefulness.
>>
> Thank you for those tips.
>
> --
> Regards,
> Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
>   --Henry Spencer
>