Thanks heaps all working great now. Now going to try user authentication with dans guardian or squid directly. William -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: 17 April 2006 13:49 To: William Bohannan Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: transparent proxy squid mån 2006-04-17 klockan 09:03 +0000 skrev William Bohannan: > Hi I have installed squid on a debian sarge system which is running off a > usb key. Two questions: > > a) can I run squid the squid cache off the memory alone as to not age the > usb key Yes. Set "cahce_dir null" in squid.conf, and use cache_mem for your cache. Or alternatively set up a tmpfs or ramfs mount point for the cache. > b) have tried to setup transparent bridge with no luck I have used the > following options: > > "internet -- bridge -- router -- local lan" > > -> option1 > > iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port > 3128 > iptables -A INPUT -i br0 -p tcp -d xxx.xxx.xxx.xxx -s 192.168.1.0 --dport > 3128 -m state --state NEW,ESTABLISHED -j ACCEPT For this to work your kernel needs to have the bridge-netfilter integration enabled. > -> option2 > > ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port > 80 -j redirect --redirect-target ACCEPT > iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port > 3128 Never used ebtables redirect so I can't give much comments on this. But you may need an INPUT rule as well if your INPUT rules is restrictive.. Basic functionality test: Does it work if the client is configured to use the proxy? Regards Henrik
