<div dir="ltr"><div><div><div><div><div><div>Hi <br><br></div>Thanks for reply. As of now we don't have router I have directly connected my machine to internet and other to LAN and I have configured client machine ubuntu to test squid which is in switch where other users are connected using gateway of router 192.168.0.1.<br><br></div>I read your valuable suggestions, but I still confused with IPtables and squid 3.3 setting ,transparent and intercept options .<br><br>root@squid:/home/squid# ip addr show<br>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default <br> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br> inet <a href="http://127.0.0.1/8">127.0.0.1/8</a> scope host lo<br> valid_lft forever preferred_lft forever<br> inet6 ::1/128 scope host <br> valid_lft forever preferred_lft forever<br>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br> link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff<br> inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0<br> valid_lft forever preferred_lft forever<br> inet6 fe80::21e:67ff:fecf:5974/64 scope link <br> valid_lft forever preferred_lft forever<br>3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br> link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff<br> inet <a href="http://192.168.0.200/24">192.168.0.200/24</a> brd 192.168.0.255 scope global eth1<br> valid_lft forever preferred_lft forever<br> inet6 fe80::21e:67ff:fecf:5975/64 scope link <br> valid_lft forever preferred_lft forever<br><br>root@squid:/home/squid# ip -4 route show<br>default via 116.72.152.1 dev eth0 <br><a href="http://116.72.152.0/22">116.72.152.0/22</a> dev eth0 proto kernel scope link src 116.72.152.37 <br><a href="http://192.168.0.0/24">192.168.0.0/24</a> dev eth1 proto kernel scope link src 192.168.0.200 <br><br><br><br><br><br></div>To use transparent/intercept what I have to set in my config file http_port 3128 intercept or transparent<br><br></div>and Iptables rules , I have tried this rules <br><br><a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect">http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect</a><br><br></div>But not working <br><br></div>Can you please tell me the firewall rules and let me know why my firewall rules are not working.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <span dir="ltr"><<a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Amos Jeffries wrote on 06/02/2015 04:34 PM:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I have this in my squid server for it to work:<br>
</blockquote>
<br>
The key words there are ... *in my Squid server*<br>
<br>
</blockquote></span>
indeed :)<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
NOTE to Klavs:<br>
loading the "multiport" kernel module seems overkill for a single-port<br>
match.<br>
<br>
</blockquote></span>
it's puppets firewall module.. haven't had enough time to fix that module :)<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
FYI: DONT_VERIFY_PEER, "always_direct allow all", and<br>
"slproxy_cert_error allow all" have not been good ideas since 3.2.<br>
dont-verify actually inhibits the Mimic functions which give<br>
server-first bumping most of its usefulness.<br>
<br>
</blockquote></span>
Thank you for those tips.<span class="im HOEnZb"><br>
<br>
-- <br>
Regards,<br>
Klavs Klavsen, GSEC - <a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a> - <a href="http://www.vsen.dk" target="_blank">http://www.vsen.dk</a> - Tlf. 61281200<br>
<br>
"Those who do not understand Unix are condemned to reinvent it, poorly."<br>
--Henry Spencer<br>
<br></span><div class="HOEnZb"><div class="h5">
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br></div>