Search squid archive

RE: Really transparent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here it goes!
#####squid Conf.#####
http_port 3128 tproxy  transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
	acl Safe_ports port 80		# http
	acl Safe_ports port 21		# ftp
	acl Safe_ports port 443		# https
	acl Safe_ports port 70		# gopher
	acl Safe_ports port 210		# wais
	acl Safe_ports port 1025-65535	# unregistered ports
	acl Safe_ports port 280		# http-mgmt
	acl Safe_ports port 488		# gss-http
	acl Safe_ports port 591		# filemaker
	acl Safe_ports port 777		# multiling http
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname debian-sq
wccp2_router y.y.y.y
 wccp_version 4
 wccp2_forwarding_method 1
 wccp2_return_method 1
 wccp2_assignment_method 1
coredump_dir /usr/local/squid/var/cache
###### end of file #####

Here are the Iptables:
squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3128
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3128

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

if any extra info is needed i have no problem to postit! 


Thnxs all!!
Facundo Vilarnovo

-----Mensaje original-----
De: Facundo Vilarnovo [mailto:fvilarnovo@xxxxxxxxxx] 
Enviado el: Miércoles, 16 de Mayo de 2007 12:26 a.m.
Para: zulkarnain; squid-users@xxxxxxxxxxxxxxx
CC: Nicolas Royo
Asunto: RE:  Really transparent proxy

Here it goes!
#####squid Conf.#####
http_port 3128 tproxy  transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
	acl Safe_ports port 80		# http
	acl Safe_ports port 21		# ftp
	acl Safe_ports port 443		# https
	acl Safe_ports port 70		# gopher
	acl Safe_ports port 210		# wais
	acl Safe_ports port 1025-65535	# unregistered ports
	acl Safe_ports port 280		# http-mgmt
	acl Safe_ports port 488		# gss-http
	acl Safe_ports port 591		# filemaker
	acl Safe_ports port 777		# multiling http
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname debian-sq
wccp2_router XXX.XXX.XXX.XXX
 wccp_version 4
 wccp2_forwarding_method 1
 wccp2_return_method 1
 wccp2_assignment_method 1
coredump_dir /usr/local/squid/var/cache
###### end of file #####

Here are the Iptables:
squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:3128
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:3128

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

if any extra info is needed i have no problem to postit! 


Thnxs all!!
Facundo Vilarnovo

-----Mensaje original-----
De: zulkarnain [mailto:sizulku@xxxxxxxxx] 
Enviado el: Martes, 15 de Mayo de 2007 11:22 p.m.
Para: Facundo Vilarnovo; squid-users@xxxxxxxxxxxxxxx
CC: Nicolas Royo
Asunto: RE:  Really transparent proxy


--- Facundo Vilarnovo <fvilarnovo@xxxxxxxxxx> wrote:
> 	Now we got squid+wccp+tproxy module working but,
> some sites like http://www.whatsmyipaddress.com/
> shows the client origin ip address (that's correct)
> and ALSO shows that is behind and PROXY!, any ideas
> of what can be wrong?, if is needed we may post our
> configuration file of squid!
> 

Have you turn OFF "via" and "forwarded_for" on your
squid.conf?

-Zul


 
________________________________________________________________________
____________
The fish are biting. 
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux