On 28/05/11 02:54, Phillip Evans wrote:
Hi, I've tried searching the mailing list and google but I can't seem to find a solution. I'm trying to set-up a squid proxy server (squid V3.1) in our organisation for external users. I've configured a Linux box (fedora 14) with 2 NIC, the first (eth0 IP address 172.20.104.148 - gateway 172.20.104.1) goes to the outside world and the other (eth1 - address/gateway 192.168.0.1) connects to an internal LAN. There is a DHCP server running on eth1, and that all works fine. One the other end of eth0 is a proxy server that I know nothing about other than the IP and port number. I've configured squid with a parent cache, the ACL to allow the LAN addresses through, it seems to be working because if i connect a client machine to eth1 and enter the proxy details for the squid box it will browse the internet with no problems.
You just said this was for "for external users.". Did you mean internal/LAN users? The requirements and limits are very different.
However, I cannot get the squid box to run as a transparent proxy (if I remove the proxy details from the client it ceases to work). I added the 'http_port 3128 transparent' to the squid.conf file but no joy, I read this command has now been depreciated and to use the 'http_port 3128 intercept' command instead, again, this doesn't work.
Correct. All it does is tell Squid what type of traffic is going to arrive and to contact the NAT table for further information about new connections.
Also, it is unsafe to set the flags on port 3128. There are at least two popular softwares around which scan port 80 and 3128 for transparent proxies to abuse. Pick a random port for Squid and consider it a secret for use only between squid and iptables. The main 3128 can stay open for management or normal proxy traffic if you like.
<snip failures>
None of these work (obviously) Can anyone help?
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat OR http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
