
RE: Squid as only a transparent cache


 



That link http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat was helpful, Amos. Though instead of a mangle INPUT chain rule (as mentioned in the link) in iptables, I had to add a mangle PREROUTING chain rule in iptables as follows:

iptables -t mangle -A PREROUTING -p tcp -i ! lo --dport 3128 -j DROP

This rule is allowing cachemgr access to port 3128 while denying access to port 3128 from other machines. The link http://www.faqs.org/docs/iptables/traversingoftables.html says that the mangle PREROUTING table chain is traversed before the nat PREROUTING table.

Do we need to modify the text in there?

Regards,
Saurabh

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Thursday, March 31, 2011 6:28 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Squid as only a transparent cache

On 01/04/11 00:43, Saurabh Agarwal wrote:
> I want Squid to behave only as a transparent caching proxy. We are making all traffic go through a bridge box which runs squid.
> I want that no user can explicitly use squid as a proxy cache by configuring proxy cache settings in the browser. Only traffic that is routed through the bridge box gets transparently intercepted for caching.

Okay. This is more of a firewall problem than a Squid one.

Do you use iptables? I've added the "mangle" tables rules that do this 
to the example configuration:
  http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

(works for DNAT, REDIRECT and TPROXY capturing).

I'm not sure about other firewalls. The criteria of when the block needs 
to happen in the packet flow is outlined in that wiki page.

Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
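
The chain ordering discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of packets passing through the mangle PREROUTING block and a NAT redirect, in both orders. The port-80 REDIRECT rule, the interface name `eth0` and the "block after NAT" comparison are assumptions made for illustration; only port 3128 and the `lo` exemption come from the thread.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional, Sequence

SQUID_PORT = 3128  # port used in the thread
HTTP_PORT = 80     # assumed intercepted port (not stated in the thread)


@dataclass(frozen=True)
class Packet:
    in_iface: str
    dport: int


Chain = Callable[[Packet], Optional[Packet]]  # returning None models DROP


def block_direct(pkt: Packet) -> Optional[Packet]:
    """Match of the rule in the thread: -p tcp -i ! lo --dport 3128 -j DROP."""
    if pkt.in_iface != "lo" and pkt.dport == SQUID_PORT:
        return None
    return pkt


def nat_redirect(pkt: Packet) -> Optional[Packet]:
    """Assumed interception rule: port-80 traffic is redirected to Squid."""
    if pkt.in_iface != "lo" and pkt.dport == HTTP_PORT:
        return replace(pkt, dport=SQUID_PORT)
    return pkt


def traverse(pkt: Packet, chains: Sequence[Chain]) -> str:
    """Run a packet through the chains in order and return the verdict."""
    for chain in chains:
        result = chain(pkt)
        if result is None:
            return "DROP"
        pkt = result
    return f"ACCEPT dport={pkt.dport}"


BLOCK_BEFORE_NAT = (block_direct, nat_redirect)  # mangle PREROUTING, then nat
BLOCK_AFTER_NAT = (nat_redirect, block_direct)   # hypothetical late block

if __name__ == "__main__":
    # Constructed sample packets: explicit proxy use, intercepted HTTP, local cachemgr.
    samples = [Packet("eth0", SQUID_PORT), Packet("eth0", HTTP_PORT), Packet("lo", SQUID_PORT)]
    for order_name, order in (("before NAT", BLOCK_BEFORE_NAT), ("after NAT", BLOCK_AFTER_NAT)):
        for pkt in samples:
            print(f"block {order_name}: {pkt} -> {traverse(pkt, order)}")
```

With the block evaluated before NAT, the match sees the original destination port, so only explicit connections to 3128 are dropped; evaluated after the redirect, the same match can no longer tell intercepted traffic from explicit proxy use.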


