[squid-users] Transparent Squid Proxy Server

Klavs Klavsen kl at vsen.dk
Wed Jun 3 07:34:53 UTC 2015


Your client needs to use your squid server as default gateway.

And then you need the iptables rules I wrote about to direct traffic 
into squid for certain ports.

Reet Vyas wrote on 06/03/2015 08:50 AM:
> Hi
>
> Thanks for the reply. As of now we don't have a router; I have directly
> connected my machine to the internet and the other to the LAN, and I have
> configured a client machine (Ubuntu) to test squid, which is on the switch
> where other users are connected using the gateway of the router, 192.168.0.1.
>
> I read your valuable suggestions, but I am still confused by the iptables
> and squid 3.3 settings, and the transparent and intercept options.
>
> root@squid:/home/squid#   ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>      inet 127.0.0.1/8 scope host lo
>         valid_lft forever preferred_lft forever
>      inet6 ::1/128 scope host
>         valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>      link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff
>      inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0
>         valid_lft forever preferred_lft forever
>      inet6 fe80::21e:67ff:fecf:5974/64 scope link
>         valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>      link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff
>      inet 192.168.0.200/24 brd 192.168.0.255 scope global eth1
>         valid_lft forever preferred_lft forever
>      inet6 fe80::21e:67ff:fecf:5975/64 scope link
>         valid_lft forever preferred_lft forever
>
> root@squid:/home/squid#  ip -4 route show
> default via 116.72.152.1 dev eth0
> 116.72.152.0/22 dev eth0  proto kernel  scope link  src 116.72.152.37
> 192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.200
>
> To use transparent/intercept, what do I have to set in my config file:
> http_port 3128 intercept or transparent?
>
> And for the iptables rules, I have tried these rules:
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
>
> But they are not working.
>
> Can you please tell me the firewall rules and let me know why my
> firewall rules are not working.
>
> On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <kl at vsen.dk> wrote:
>
>     Amos Jeffries wrote on 06/02/2015 04:34 PM:
>
>         On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:
>
>             I have this in my squid server for it to work:
>
>
>         The key words there are ... *in my Squid server*
>
>     indeed :)
>
>
>         NOTE to Klavs:
>             loading the "multiport" kernel module seems overkill for a
>         single-port match.
>
>     it's Puppet's firewall module.. haven't had enough time to fix that
>     module :)
>
>
>         FYI: DONT_VERIFY_PEER, "always_direct allow all", and
>         "sslproxy_cert_error allow all" have not been good ideas since 3.2.
>         dont-verify actually inhibits the Mimic functions which give
>         server-first bumping most of its usefulness.
>
>     Thank you for those tips.
>
>     --
>     Regards,
>     Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200
>
>     "Those who do not understand Unix are condemned to reinvent it, poorly."
>        --Henry Spencer
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     http://lists.squid-cache.org/listinfo/squid-users


-- 
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer
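
The prerequisites named in this reply (the client's default gateway is the Squid box, an iptables rule redirects the web port, and squid.conf has a matching intercept port) can be checked from saved command output. The script below is an added example, not part of the original message; port 3129, the client address 192.168.0.50 and the sample rule and config text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks Squid interception prerequisites from saved output.
# Default gateway in `ip -4 route show` output (stdin) taken on the CLIENT.
client_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Port that tcp/80 is redirected to, from `iptables-save -t nat` (stdin)
# taken on the Squid box. Prints nothing when no such rule exists.
redirect_port() {
    awk '/^-A PREROUTING/ && /--dport 80 / && /-j REDIRECT/ {
        for (i = 1; i < NF; i++) if ($i == "--to-ports") { print $(i + 1); exit }
    }'
}

# Succeeds if squid.conf (stdin) has "http_port [ip:]<port> ... intercept".
has_intercept_port() {
    awk -v p="$1" '$1 == "http_port" {
        n = split($2, a, ":")
        if (a[n] == p) for (i = 3; i <= NF; i++) if ($i == "intercept") ok = 1
    } END { exit(ok ? 0 : 1) }'
}

# diagnose <squid_lan_ip> <client_routes> <nat_rules> <squid_conf>
diagnose() {
    gw=$(printf '%s\n' "$2" | client_gateway)
    port=$(printf '%s\n' "$3" | redirect_port)
    if [ "$gw" != "$1" ]; then
        echo "client routes via ${gw:-nothing}, not $1: traffic bypasses Squid"
    elif [ -z "$port" ]; then
        echo "no nat PREROUTING REDIRECT rule for tcp port 80"
    elif ! printf '%s\n' "$4" | has_intercept_port "$port"; then
        echo "port $port is not an intercept http_port in squid.conf"
    else
        echo "ok: port 80 redirected to intercept port $port"
    fi
}

# Constructed samples; 192.168.0.1 and 192.168.0.200 are the thread's addresses,
# the client address and port 3129 are assumptions.
ROUTES_BAD='default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.50'
ROUTES_OK='default via 192.168.0.200 dev eth0'
NAT='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129'
CONF='http_port 3128
http_port 3129 intercept'

for r in "$ROUTES_BAD" "$ROUTES_OK"; do diagnose 192.168.0.200 "$r" "$NAT" "$CONF"; done
```

On a live system, feed the functions real output instead of the samples, for example `ip -4 route show | client_gateway` on the client.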


