On Fri, Feb 08, 2008, Dave Coventry wrote:
> I'll try any distro, it's a greenfield machine.
>
> I started on Ubuntu, worked through Slackware, among others and am now
> back with Ubuntu 7.10 Server.

Ok. Ubuntu 7.10 is fine.

> The first thing I did was set up the DHCP server.

Ok. Not squid related.

> Then I downloaded Squid3.0.STABLE1, extracted, ran './configure
> --prefix=/usr/local/squid'
> 'make all'
> 'make install'

Under Linux, add --enable-linux-netfilter to the configure line.

> I set up my squid.conf according to the 'QUICKSTART', set up iptables
> according to this script:
> (script from http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html)

Why didn't you follow http://wiki.squid-cache.org/ConfigExamples/ ? There's half a dozen examples involving Linux + transparent interception.

Adrian

> ======================
> #!/bin/sh
> SQUID_SERVER="192.168.60.254"
> INTERNET="eth0"
> LAN_IN="eth1"
> SQUID_PORT="3128"
>
> # Clean old firewall
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
>
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> iptables -A INPUT -i $INTERNET -m state \
>     --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables --table nat --append POSTROUTING \
>     --out-interface $INTERNET -j MASQUERADE
> iptables --append FORWARD --in-interface \
>     $LAN_IN -j ACCEPT
>
> iptables -A INPUT -i $LAN_IN -j ACCEPT
> iptables -A OUTPUT -o $LAN_IN -j ACCEPT
>
> iptables -t nat -A PREROUTING -i $LAN_IN \
>     -p tcp --dport 80 -j DNAT --to \
>     $SQUID_SERVER:$SQUID_PORT
>
> iptables -t nat -A PREROUTING -i $INTERNET \
>     -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
>
> iptables -A INPUT -j LOG
> iptables -A INPUT -j DROP
> ======================
>
> At this point Squid worked, but it hacked off the Domain part of the
> URL and was unable to resolve the directory/htmlfilename part of the
> URL.
>
> I tried everything I could think of to get it to work, without success.
>
> In the end I wiped the Hard Drive (I must've reformatted this machine
> twenty or thirty times over the last 5 weeks) and started again from
> scratch using these instructions:
> http://kuscsik.blogspot.com/2008/01/transparent-proxy-with-squid-3-on.html
>
> This is where I am at the moment.

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
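An added example, not part of the original message or of the Squid project: a shell check for the two settings an intercepting Squid 3.0 needs on Linux, the `--enable-linux-netfilter` build option named in the reply and the `transparent` flag on `http_port`. The flag is not mentioned in the thread (it is the Squid 2.6 to 3.0 option name), and the function names and sample inputs below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `squid -v` output for the build described in the thread.
SAMPLE_VERSION="Squid Cache: Version 3.0.STABLE1
configure options: '--prefix=/usr/local/squid'"

# Constructed squid.conf fragments: a plain forward-proxy port and an intercepting one.
SAMPLE_CONF_PLAIN="# http_port 3128 transparent
http_port 3128"
SAMPLE_CONF_OK="http_port 192.168.60.254:3128 transparent"

# Succeeds if the build's configure options include netfilter support.
has_netfilter() {
    printf '%s\n' "$1" | grep -q -- '--enable-linux-netfilter'
}

# Prints the port number of every active http_port line carrying "transparent".
# Commented-out lines are skipped because their first field is not "http_port".
intercept_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" {
            for (i = 3; i <= NF; i++)
                if ($i == "transparent") {
                    n = split($2, part, ":")   # drop an optional host: prefix
                    print part[n]
                    break
                }
        }'
}

# audit VERSION_OUTPUT CONF_TEXT PORT: prints findings, returns the number of problems.
audit() {
    problems=0
    if ! has_netfilter "$1"; then
        echo "build lacks --enable-linux-netfilter; rebuild with it on the configure line"
        problems=$((problems + 1))
    fi
    if ! intercept_ports "$2" | grep -qx "$3"; then
        echo "no 'http_port $3 transparent' line; port $3 is a plain forward-proxy port"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone run on the constructed samples (reports both problems).
audit "$SAMPLE_VERSION" "$SAMPLE_CONF_PLAIN" 3128 || true
```

On a live host, pass `"$(squid -v)"` and `"$(cat /usr/local/squid/etc/squid.conf)"` instead of the samples; the conf path assumes the `--prefix` used in the thread.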