
2.6.STABLE3: how to set up transparent proxy


 



OK. I've spent the past 4 hours searching old postings and squid related web sites for this answer and seem to find things keep leading in circles.

I have a Linux 2.6.17 firewall running squid and squidGuard. The firewall is configured such that all outgoing http access gets NATed to port 3128 (on the fw) where squid then runs squidGuard to filter out "bad" sites. ALL squid is intended for is to run squidGuard on all outgoing web accesses. I need this type of configuration since the proxy setting in the web browsers is too easy to turn off (and gain access to the "bad" sites), so I need something transparent.

I had been running squid-2.5.STABLE12 with few problems, but did run into a problem with an app failing to update itself via http (because squid got in the way), so I wanted to upgrade to 2.6.STABLE3 hoping the problem would be fixed. Unfortunately I can't get 2.6.STABLE3 configured to work the same way.

Many of the previous postings suggest:
- read the release notes:
  well, I've done that and they don't give any examples, only a word description that an "option" can be used to do this. So it isn't clear at all what the correct form of the options is to configure squid to be transparent, since it appears that multiple options are required and nowhere are they all discussed together
- read the FAQ:
  again it says almost the same thing, or doesn't exist (one wiki was still being written in regards to transparent proxy setup)
- or they suggest things which didn't work (or produced startup errors)

My previous configuration was basically:

httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

with iptables configured with:
iptables -t nat -A PREROUTING -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j DNAT --to-destination 10.200.1.100:3128

So only outgoing port 80 were NAT'ed to 3128. All incoming port 80 are dealt with separately (forwarded to the web server).

I've tried the following squid config (since that seemed to be what most people suggested) without success:
  http_port 3128 transparent
  cache_peer localhost parent 3128 0 no-query originserver
but this mangles the URL adding port 3128 to the host.  I.e. changes
   http://google.com to http://google.com:3128
Even tried variations on http_port and cache_peer.

So is there a simple example of how to set up a transparent proxy (local cache)?

tia
   ++Tait
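
Added example, not part of the original post and not Squid project code: a small lint for squid.conf fragments that flags the two patterns quoted above, the 2.5-era httpd_accel_* directives and a cache_peer that points at Squid's own http_port (so requests would be forwarded back to the proxy itself). The function name, finding codes and sample fragments are constructed for illustration.

```python
import re

# Squid 2.5 accelerator directives, as quoted in the post. Squid 2.6 expresses
# this behaviour through http_port options such as "transparent".
LEGACY = re.compile(r"^httpd_accel_\w+$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample fragments, copied from the two configurations in the post.
OLD_25 = """httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
"""
NEW_26 = """http_port 3128 transparent
cache_peer localhost parent 3128 0 no-query originserver
"""

def lint_squid_conf(text):
    """Return (line_no, code, message) findings; line_no 0 means file-wide."""
    findings, listen_ports, peers = [], {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenise
        if not fields:
            continue
        name, args = fields[0], fields[1:]
        if LEGACY.match(name):
            findings.append((no, "legacy-accel",
                             f"{name} is a 2.5 directive; 2.6 uses http_port options"))
        elif name == "http_port" and args:
            port = args[0].rsplit(":", 1)[-1]   # accept "3128" or "host:3128"
            listen_ports[port] = "transparent" in args[1:]
        elif name == "cache_peer" and len(args) >= 3:
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            peers.append((no, args[0].lower(), args[2]))
    for no, host, port in peers:
        if host in LOCAL_HOSTS and port in listen_ports:
            findings.append((no, "self-peer",
                             f"cache_peer targets Squid's own http_port {port}"))
    if listen_ports and not any(listen_ports.values()):
        findings.append((0, "no-transparent",
                         "no http_port carries the transparent option"))
    return findings

if __name__ == "__main__":
    for label, conf in (("2.5 config", OLD_25), ("2.6 attempt", NEW_26)):
        for finding in lint_squid_conf(conf):
            print(label, finding)
```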

