Search squid archive

Re: squid transparent proxy + parent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 28/05/11 02:54, Phillip Evans wrote:
Hi,

I've tried searching the mailing list and google but I can't seem to
find a solution.

I'm trying to set-up a squid proxy server (squid V3.1)  in our
organisation for external users.

I've configured a Linux box (fedora 14) with 2 NIC, the first (eth0 IP
address 172.20.104.148 - gateway 172.20.104.1) goes to the outside
world and the other (eth1 - address/gateway 192.168.0.1) connects to
an internal LAN. There is a DHCP server running on eth1, and that all
works fine.

One the other end of eth0 is a proxy server that I know nothing about
other than the IP and port number. I've configured squid with a parent
cache, the ACL to allow the LAN addresses through, it seems to be
working because if i connect a client machine to eth1 and enter the
proxy details for the squid box it will browse the internet with no
problems.

You just said this was for "for external users.". Did you mean internal/LAN users? The requirements and limits are very different.



However, I cannot get the squid box to run as a transparent proxy (if
I remove the proxy details from the client it ceases to work).

I added the 'http_port 3128 transparent' to the squid.conf file but no
joy, I read this command has now been depreciated and to use the
'http_port 3128 intercept' command instead, again, this doesn't work.

Correct. All it does is tell Squid what type of traffic is going to arrive and to contact the NAT table for further information about new connections.

Also, it is unsafe to set the flags on port 3128. There are at least two popular softwares around which scan port 80 and 3128 for transparent proxies to abuse. Pick a random port for Squid and consider it a secret for use only between squid and iptables. The main 3128 can stay open for management or normal proxy traffic if you like.


<snip failures>
None of these work (obviously)

Can anyone help?

 http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
OR
 http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux