Adrian, On Feb 8, 2008 5:08 PM, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote: > It shouldn't be this difficult. I mean, I setup > ransaprent proxies in a matter of minutes > these days. > > Yes, transparent proxying support needs to be > compiled in for your architecture. > > So. To make this quick and painless: > > * which os > * squid version 3.0, ok > * squid config, sans comments > * ip firewalling/redirection rules. I'll try any distro, it's a greenfield machine. I started on Ubuntu, worked through Slackware, among others and am now back with Ubuntu 7.10 Server. The first thing I did was set up the DHCP server. Then I downloaded Squid3.0.STABLE1, extracted, ran './configure --prefix=/usr/local/squid' 'make all' 'make install' I set up my squid.conf according to the 'QUICKSTART', set up iptables according to this script: (script from http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html) ====================== #!/bin/sh SQUID_SERVER="192.168.60.254″ INTERNET="eth0″ LAN_IN="eth1″ SQUID_PORT="3128″ # Clean old firewall iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X modprobe ip_conntrack modprobe ip_conntrack_ftp echo 1 > /proc/sys/net/ipv4/ip_forward iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -i $INTERNET -m state / --stateSTABLISHED,RELATED -j ACCEPT iptables --table nat --append POSTROUTING / --out-interface $INTERNET -j MASQUERADE iptables --append FORWARD --in-interface / $LAN_IN -j ACCEPT iptables -A INPUT -i $LAN_IN -j ACCEPT iptables -A OUTPUT -o $LAN_IN -j ACCEPT iptables -t nat -A PREROUTING -i $LAN_IN / -p tcp --dport 80 -j DNAT --to / $SQUID_SERVER:$SQUID_PORT iptables -t nat -A PREROUTING -i $INTERNET / -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT iptables -A INPUT -j LOG iptables -A INPUT -j DROP ====================== At this point Squid worked, but it hacked off the Domain part of the URL and was unable to resolve the directory/htmlfilename part of the URL. I tried everything I could think of to get it to work, without success. In the end I wiped the Hard Drive (I must've reformatted this machine twenty or thirty times over the last 5 weeks) and started again from scratch using these instructions: http://kuscsik.blogspot.com/2008/01/transparent-proxy-with-squid-3-on.html This is where I am at the moment.
