[squid-users] Squid as gateway

Eliezer Croitoru eliezer at ngtech.co.il
Fri Jul 21 09:11:54 UTC 2017


Hey,

What you describe is possible... and is recommended for many scenarios.
You just need to take into account that what you would want is to make sure you have a static route from the squid machine to the WIFI network via the WIFI Router.
Also you should use NAT (source NAT / masquerade) on the squid box if you want traffic other than port 80 to be allowed to access the internet (DNS, ICMP, etc.).
This combination of:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect?highlight=%28masquerade%29

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat?highlight=%28sysctl%29#A.2Fetc.2Fsysctl.conf_Configuration

http://wiki.squid-cache.org/KnowledgeBase/TransparentProxySelectiveBypass?highlight=%28masquerade%29

might help you to get started.

What machine are you using as the Linux box for Squid?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of erdosain9
Sent: Thursday, July 20, 2017 22:08
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid as gateway

Hi, and thank you all.

Well this is the diagram.



INTERNET
+
+
FIREWALL (10.1.158.1/24)
+
+
+
SQUID (2 interfaces) 10.1.158.2/24
                                192.168.1.20/24
+
+
+
ROUTERWIFI (WAN----static ip 192.168.1.40/24 gw 192.168.1.20) (LAN 192.168.0.1/24)

squid config:

acl red1 src 192.168.1.0/24

acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 20000
acl SSL_ports port 10000
acl SSL_ports port 2083

acl Safe_ports port 631         # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 8443        # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080        # edesur and others
acl CONNECT method CONNECT


#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

http_access allow localhost
http_access allow red1

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.1.20:3128
http_port 192.168.1.20:3129 intercept

# Uncomment and adjust the following to add a disk cache directory.
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB

cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


#Your refresh_pattern
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname squid.xxxxxxxxxx.lan

-----------------------------------------------------------------------

I tried this, nothing works..............
---------------------------------------------------------------------------------------------------------------------------------------------

iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20:3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP

------------------------------------------------------------------------------------------------------------------------------------------------

iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP

-----------------------------------------------------------------------------------------------------------------------------------------------

A hand....??
Thanks
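
The setup the reply outlines (forwarding, a static route to the Wi-Fi LAN via the router, port-80 interception and source NAT), written out for the posted topology as an added example that is not part of either message. The interface names eth0/eth1 are assumptions, the static route matters only if the Wi-Fi router routes 192.168.0.0/24 instead of NATing it, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses and the intercept port come
# from the posted diagram and squid.conf; interface names are assumptions.
LAN_IF="${LAN_IF:-eth1}"     # assumed: interface holding 192.168.1.20
WAN_IF="${WAN_IF:-eth0}"     # assumed: interface holding 10.1.158.2
SQUID_IP="192.168.1.20"
SQUID_PORT="3129"            # the "http_port ... intercept" port
WIFI_NET="192.168.0.0/24"    # LAN side of the Wi-Fi router
WIFI_GW="192.168.1.40"       # WAN side of the Wi-Fi router

# Emit the commands in order: forwarding, static route, intercept, source NAT.
# The mangle rule drops clients that connect to the intercept port directly.
gateway_commands() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $WIFI_NET via $WIFI_GW dev $LAN_IF
iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP
EOF
}

# Print the commands by default; run them only when APPLY=1 (needs root).
apply_gateway() {
    gateway_commands | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then sh -c "$cmd"; else printf '%s\n' "$cmd"; fi
    done
}

# Read `iptables-save -t nat` output on stdin and name what is missing.
# Only the REDIRECT form of the intercept rule is recognised here.
audit_nat() {
    rules=$(cat)
    missing=""
    printf '%s\n' "$rules" \
        | grep -Eq -e "--dport 80 .*-j REDIRECT --to-ports $SQUID_PORT" \
        || missing="$missing redirect"
    printf '%s\n' "$rules" | grep -q -e '-j MASQUERADE' \
        || missing="$missing masquerade"
    if [ -z "$missing" ]; then echo ok; else echo "missing:$missing"; fi
}

apply_gateway
```

After applying, `iptables-save -t nat | audit_nat` reports whether the intercept and masquerade rules are actually loaded.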


