
Re: squid transparent proxy still not working


 



Adrian Chadd wrote:
Have you followed http://wiki.squid-cache.org/ConfigExamples/ and set up
the forwarding, et al, correctly?

Just so you know, I can build a proxy from a default debian install
by following one of the examples there and transparent proxying "just"
works.



Adrian

On Sat, Feb 09, 2008, kang ason wrote:
Dear All
I successfully installed squid 2.6 STABLE 18 on
debian 4.0 with the commands and options below
./configure --prefix=/usr/local/squid
--enable-delay-pools --enable-poll
--disable-indent-lookup --enable-truncate
--enable-cache-digests --enable-linux-netfilter
--enable-async-io=16 --enable-removal-policies\

make all
make install
This server has two interfaces, eth0 to internet &
eth1 to LAN
And this is my squid.conf

http_port 8080 transparent
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl apache rep_header Server ^Apache

## client IP Address
acl vlan10 src 192.168.10.0/24
icp_access allow all
hierarchy_stoplist cgi-bin ?
cache_mem 64 MB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /usr/local/squid/var/cache 5000 18 256
minimum_object_size 0 KB
maximum_object_size 51200 KB
cache_swap_low 98
cache_swap_high 99
access_log /usr/local/squid/var/logs/access.log squid
cache_log /dev/null
cache_store_log /dev/null
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /usr/local/squid/var/logs/squid.pid
log_fqdn off
client_netmask 255.255.255.0
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern .		0	20%	4320
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access allow localhost
http_access allow manager localhost
http_access allow purge localhost
http_access allow vlan10
http_access deny manager
http_access deny all
broken_vary_encoding allow apache
cache_vary on
cache_effective_user proxy
cache_mgr wifiproxy2008
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
coredump_dir /usr/local/squid/var/cache
visible_hostname wifi2008
cache_effective_group proxy
always_direct allow all
store_dir_select_algorithm round-robin
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
##---- end of squid.conf ----
Squid Running No error

and this is my iptables for squid transparent
iptables -t nat -A PREROUTING -i eth0 -s 192.168.10.10
-p tcp --dport 80 -j ACCEPT

Is that meant to be eth0 or eth1?

iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24
-p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t filter -A FORWARD -i eth1 -s 192.168.10/24
-p tcp --dport 80 -j REJECT

What is wrong with my squid.conf or iptables rules?
Why is the transparent proxy not working, and why must clients
set the proxy in their browser if they want to
use the proxy?

Do you have any block on -t filter -L INPUT/OUTPUT that could block this traffic?


thanks

regards
ason
Cah Kopeng
Lereng Utara Gunung Merbabu





--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
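
The two questions asked in the reply above (is the first rule meant for eth0 or eth1, and does filter INPUT block the redirected traffic) can be checked mechanically. This is an added example, not part of the original thread or of Squid: `parse_rule`, `covers_proxy_port` and `lint` are hypothetical helper names, the INPUT rule is constructed, and the parser assumes plain `option value` pairs with no `!` negation.

```python
import shlex

# Values taken from the post: eth0 faces the internet, eth1 the LAN,
# clients sit in 192.168.10.0/24 and squid listens on http_port 8080.
WAN_IF, LAN_IF, LAN_PREFIX, PROXY_PORT = "eth0", "eth1", "192.168.10.", "8080"

def parse_rule(line):
    """Turn one 'iptables ...' command line into a dict of option -> value."""
    tokens = shlex.split(line)[1:]           # drop the leading 'iptables'
    rule = {"-t": "filter"}                  # iptables uses the filter table by default
    for opt, val in zip(tokens, tokens[1:]):
        if opt.startswith("-") and not val.startswith("-"):
            rule[opt] = val
    return rule

def covers_proxy_port(rule):
    """True if a filter INPUT rule would match LAN clients reaching squid."""
    return (rule.get("-i", LAN_IF) == LAN_IF
            and rule.get("-p", "tcp") == "tcp"
            and rule.get("--dport", PROXY_PORT) == PROXY_PORT)

def lint(lines):
    """Return findings for the two questions asked in the reply."""
    rules = [parse_rule(l) for l in lines]
    findings = []
    for r in rules:
        # Question 1: a LAN source address can only arrive on the LAN interface.
        if (r["-t"] == "nat" and r.get("-A") == "PREROUTING"
                and r.get("-i") == WAN_IF and r.get("-s", "").startswith(LAN_PREFIX)):
            findings.append(f"nat PREROUTING: source {r['-s']} is on the LAN but rule matches -i {WAN_IF}")
        if r.get("-j") == "REDIRECT" and r.get("--to-port") != PROXY_PORT:
            findings.append(f"REDIRECT goes to port {r.get('--to-port')}, squid listens on {PROXY_PORT}")
    # Question 2: redirected packets are delivered locally, so filter INPUT must let them in.
    for r in rules:
        if r["-t"] == "filter" and r.get("-A") == "INPUT" and covers_proxy_port(r):
            if r.get("-j") in ("DROP", "REJECT"):
                findings.append(f"filter INPUT: {r['-j']} rule blocks tcp/{PROXY_PORT} from {LAN_IF}")
            if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                break                        # first terminating match decides
    return findings

POSTED = [  # the three rules from the post, joined onto single lines
    "iptables -t nat -A PREROUTING -i eth0 -s 192.168.10.10 -p tcp --dport 80 -j ACCEPT",
    "iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080",
    "iptables -t filter -A FORWARD -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REJECT",
]
# Constructed INPUT rule (not from the post) of the kind the second question asks about.
CONSTRUCTED_INPUT = "iptables -A INPUT -i eth1 -j DROP"
if __name__ == "__main__": print("\n".join(lint(POSTED + [CONSTRUCTED_INPUT])))
```

The lint only sees rules passed to it; a chain's default policy and rules already loaded in the kernel still have to be read from `iptables -L` output.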
