On Fri, Dec 19, 2008 at 8:38 AM, Vixay Tom Bounxokvan <tom@xxxxxxxxxxx> wrote: > Hello, > > I have gone through Internet and FAQ but couldn't find solution to this > problem. > I'm trying to setup squid to monitor users (which websites they are > visiting). > > <<SETUP>> > IP range = 10.0.32.0/22 netmask = 255.255.252.0 > [LAN PCs] -> [eth0 - F9 squid3-stable2 - eth1] -> [eth1 - Linux - eth0] > -> Internet > 10.0.32.100+ 10.0.32.3 10.0.32.2 10.0.32.1 58.x.x.x > > I'm using mostly the default setting below, allow all! > > /etc/squid/squid.conf > cache_effective_user squid > cache_effective_group squid > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 > acl localnet src 10.0.32.0/22 # RFC1918 possible internal network > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > #http_access deny manager > http_access deny !Safe_ports > #http_access deny CONNECT !SSL_ports > http_access allow localnet > http_access allow localhost > #http_access deny all > icp_access allow localnet > #icp_access deny all > htcp_access allow localnet > #htcp_access deny all > http_port 10.0.32.3:3128 transparent > always_direct allow localnet > hierarchy_stoplist cgi-bin ? > access_log /var/log/squid/access.log squid > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern (cgi-bin|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > icp_port 3130 > > It works fine if I put the proxy setting in the browser but transparent > proxy does not it work. Transparent proxy is not compiled in SQUID rpm? > How can I find out? > > This is what I get when I tried transparent proxy .. > /var/log/squid/access.log > 1229583671.700 0 10.0.32.90 NONE/400 1823 GET / - NONE/- text/html > 1229583671.733 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583674.762 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583675.300 0 10.0.32.90 NONE/400 1823 GET / - NONE/- text/html > 1229583677.693 0 10.0.32.90 NONE/400 1823 GET / - NONE/- text/html > 1229583677.711 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583680.485 0 10.0.32.90 NONE/400 1823 GET / - NONE/- text/html > 1229583680.570 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583680.687 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583680.688 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583686.219 0 10.0.32.90 NONE/400 1829 GET /ten - NONE/- > text/html > 1229583690.862 0 10.0.32.90 NONE/400 1823 GET / - NONE/- text/html > 1229583690.887 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583693.880 0 10.0.32.90 NONE/400 1845 GET /favicon.ico - NONE/- > text/html > 1229583695.224 0 10.0.32.90 NONE/400 1829 GET /%27 - NONE/- > text/html > 1229584207.617 0 10.0.32.90 NONE/400 1959 GET > /safebrowsing/rd/goog-malware-shavar_s_8806-8810;8806-8808;8809-8810: - > NONE/- text/html > > Any help is much appreciate.. this is my first time with Squid .. > thanks! > > Tom > > Hi, For transparent to works, you'll need to "forward" the traffic to Squid listening port. (eq. your setup would be 3128). Please refer to the docs in the following links http://wiki.squid-cache.org/ConfigExamples/Intercept. regards, /alex
