<div dir="ltr"><div>Hi,<br><br></div>I changed the iptables, still no luck :( but I am using squid 3.3 only. I didn't understand why you have configured the 3129, 3130 and 3128 ports?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 3, 2015 at 1:04 PM, Klavs Klavsen <span dir="ltr"><<a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Your client needs to use your squid server as default gateway.<br>
<br>
And then you need the iptables rules I wrote about to direct traffic into squid for certain ports.<span class=""><br>
<br>
Reet Vyas wrote on 06/03/2015 08:50 AM:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi<br>
<br>
Thanks for reply. As of now we don't have router I have directly<br>
connected my machine to internet and other to LAN and I have configured<br>
client machine ubuntu to test squid which is in switch where other users<br>
are connected using gateway of router 192.168.0.1.<br>
<br>
I read your valuable suggestions, but I am still confused with iptables and<br>
squid 3.3 settings, transparent and intercept options.<br>
<br>
root@squid:/home/squid# ip addr show<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN<br>
group default<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br></span>
inet 127.0.0.1/8 scope host lo<span class=""><br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host<br>
valid_lft forever preferred_lft forever<br>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast<br>
state UP group default qlen 1000<br>
link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff<br>
inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::21e:67ff:fecf:5974/64 scope link<br>
valid_lft forever preferred_lft forever<br>
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast<br>
state UP group default qlen 1000<br>
link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff<br></span>
inet 192.168.0.200/24 brd 192.168.0.255<span class=""><br>
scope global eth1<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::21e:67ff:fecf:5975/64 scope link<br>
valid_lft forever preferred_lft forever<br>
<br>
root@squid:/home/squid# ip -4 route show<br>
default via 116.72.152.1 dev eth0<br>
</span>116.72.152.0/22 dev eth0 proto kernel scope<br>
link src 116.72.152.37<br>
192.168.0.0/24 dev eth1 proto kernel scope<span class=""><br>
link src 192.168.0.200<br>
<br>
<br>
<br>
<br>
<br>
To use transparent/intercept what I have to set in my config file<br>
http_port 3128 intercept or transparent<br>
<br>
and iptables rules, I have tried these rules<br>
<br>
<a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect</a><br>
<br>
But not working<br>
<br>
Can you please tell me the firewall rules and let me know why my<br>
firewall rules are not working.<br>
<br>
On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <<a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a>> wrote:<br></span><span class="">
<br>
Amos Jeffries wrote on 06/02/2015 04:34 PM:<br>
<br>
On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:<br>
<br>
I have this in my squid server for it to work:<br>
<br>
<br>
The key words there are ... *in my Squid server*<br>
<br>
indeed :)<br>
<br>
<br>
NOTE to Klavs:<br>
loading the "multiport" kernel module seems overkill for a single-port<br>
match.<br>
<br>
it's puppets firewall module.. haven't had enough time to fix that<br>
module :)<br>
<br>
<br>
FYI: DONT_VERIFY_PEER, "always_direct allow all", and<br>
"sslproxy_cert_error allow all" have not been good ideas since 3.2.<br>
dont-verify actually inhibits the Mimic functions which give<br>
server-first bumping most of its usefulness.<br>
<br>
Thank you for those tips.<br>
<br>
--<br>
Regards,<br></span>
Klavs Klavsen, GSEC - <a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a> -<span class=""><br>
<a href="http://www.vsen.dk" target="_blank">http://www.vsen.dk</a> - Tlf. 61281200<br>
<br>
"Those who do not understand Unix are condemned to reinvent it, poorly."<br>
--Henry Spencer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br></span>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><span class=""><br>
<br>
<br>
</span></blockquote><div class="HOEnZb"><div class="h5">
<br>
<br>
-- <br>
Regards,<br>
Klavs Klavsen, GSEC - <a href="mailto:kl@vsen.dk" target="_blank">kl@vsen.dk</a> - <a href="http://www.vsen.dk" target="_blank">http://www.vsen.dk</a> - Tlf. 61281200<br>
<br>
"Those who do not understand Unix are condemned to reinvent it, poorly."<br>
--Henry Spencer<br>
<br>
</div></div></blockquote></div><br></div>
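
The setup discussed in this thread, as an added example that is not part of the original messages and not the rules Klavs posted: it assumes 3128 is the forward-proxy port, 3129 takes redirected HTTP and 3130 takes redirected HTTPS, with eth1 and eth0 from the `ip addr show` output as LAN and Internet interfaces. The function name `intercept_rules` and the certificate path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed port roles:
#   3128 = forward proxy (browsers configured to use it explicitly)
#   3129 = redirected HTTP, 3130 = redirected HTTPS
# Matching squid.conf listeners (certificate path is a placeholder):
#   http_port 3128
#   http_port 3129 intercept
#   https_port 3130 intercept ssl-bump cert=/path/to/proxy-ca.pem
#
# mangle PREROUTING is traversed before nat PREROUTING, so the DROP rules
# only hit packets addressed to the intercept ports directly; redirected
# traffic still carries destination port 80/443 at that point.

# intercept_rules LAN_IF WAN_IF HTTP_PORT HTTPS_PORT
# Prints a ruleset in iptables-restore format; returns 1 on bad arguments.
intercept_rules() {
    [ "$#" -eq 4 ] || return 1
    lan_if=$1 wan_if=$2 http_port=$3 https_port=$4
    for p in "$http_port" "$https_port"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;   # ports must be plain numbers
        esac
    done
    # One listener cannot serve both redirected HTTP and redirected HTTPS.
    [ "$http_port" -ne "$https_port" ] || return 1
    cat <<EOF
*mangle
-A PREROUTING -p tcp --dport $http_port -j DROP
-A PREROUTING -p tcp --dport $https_port -j DROP
COMMIT
*nat
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $http_port
-A PREROUTING -i $lan_if -p tcp --dport 443 -j REDIRECT --to-ports $https_port
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Interfaces as in the ip addr output above: eth1 = LAN, eth0 = Internet.
intercept_rules eth1 eth0 3129 3130
```

Load the output with `iptables-restore --noflush` to keep existing rules in those tables, and enable `net.ipv4.ip_forward` so the box can act as the clients' default gateway.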