prophetmr wrote:
i can save you the trouble of looking at the conf file everything is default
except i set it to
http_port 192.168.3.107:3128 transparent
using 2.7 defaults,the reason i did that is im divorced and running squid
transparent is so i dont have to set the browsers to proxy everytime i have
the kids and reset it before they go to their mothers. It may be something
in my router that is making everything show as 192.168.3.1 in the logs i
have the firewall running this script on boot
# nvram set rc_firewall="
#!/bin/sh
INTERNAL_NETWORK="192.168.3.1/24"
ROUTER_IP="192.168.3.1"
PROXY_SERVER="192.168.3.107"
PROXY_PORT="3128"
if [ -z $TRANSPARENT_PROXY ]; then
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK \
-d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp
--dport 80 \
-j DNAT --to $PROXY_SERVER:$PROXY_PORT
/usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p
tcp -d \
$PROXY_SERVER -j SNAT --to $ROUTER_IP
This changes the source IP of the traffic to 192.168.3.1.
/usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d
$PROXY_SERVER -i br0 \
-o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
export TRANSPARENT_PROXY="1"
else
echo /"This script has already run!"
echo /"If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi
"
[Ctrl+D]
# nvram commit
the way its set up now i have the kids connect via wireless to the router on
the lan side and the wan side is the squid router which is connected to a
repeater from my neighbors who let me split the bill with them since i cant
get broadband.
Have a look at
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute,
or look into using WPAD.
Chris
