Henry wrote:
$router/firewall/gateway = openbsd + PF, $squidserver = freebsd, and $desktops....

I had squid installed on my $router for the time being and got a much faster machine for my $squidserver... I pretty much copied my squid.conf to the new server with some editing to match addresses... I set up the necessary routing and firewall rules I'm sure because... I can do direct proxying if I specify the proxy server on a machine, this works. But it will be tedious to upgrade all desktops to do this and not to mention complaints if someone tampers with it or why this needs to be done or new machines being added...

Anyway... I can't however do transparent proxy because I -think- squid just doesn't want to work for whatever reason which I'm trying to figure out... Doing some diagnostic work I can see a $desktop connecting to $router which redirects it to $squidserver port 3128 and on $squidserver I can see $desktop connecting... but I don't see $squidserver connecting to www to access the site nor does access.log show anything.

But of course I can direct proxy and telnet to squidserver on port 3128 and it shows up on access.log....

In squid.conf I've set...

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Is there something else I missed? Nothing shows up in the squid logs when I -try- to transparent proxy...
On the $router make sure you are proxying requests to port 80 *except* when they are coming from $squidserver.

I don't know pf commands, but on iptables (sorry) it would be something like..

iptables -t nat -A PREROUTING -i eth0 -s ! $squidserver -p tcp \
    --dport 80 -j DNAT --to $squidserver:3128

Where eth0 is your LAN interface.
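The same source exclusion written for PF, as an added example that is not part of the original thread. The interface name and the address are constructed placeholders, and the fragment assumes Squid's own outbound traffic reaches $router on the same interface as the desktops.

```pf
# Added example, not from the thread. Values below are placeholders.
int_if      = "em0"          # assumed LAN-facing interface on $router
squidserver = "192.0.2.10"   # constructed placeholder address of the Squid box

# Rule WITHOUT the exclusion, shown for contrast only (left commented out):
# Squid's own fetches to port 80 match it and are sent straight back to
# Squid, so no request ever reaches the origin web server.
# rdr on $int_if inet proto tcp from any to any port 80 -> $squidserver port 3128

# Rule WITH the exclusion, older syntax (OpenBSD before 4.7, FreeBSD pf).
# This is a translation rule and belongs with the other nat/rdr rules.
rdr on $int_if inet proto tcp from ! $squidserver to any port 80 \
    -> $squidserver port 3128

# OpenBSD 4.7 and later replaced rdr with the rdr-to option on a filter
# rule. Use this form instead of the rdr line above, not alongside it.
# pass in quick on $int_if inet proto tcp from ! $squidserver to any port 80 rdr-to $squidserver port 3128
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches a syntax mismatch between the two forms before the rules go live.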