On 02/08/11 17:22, benjamin fernandis wrote:
> Hi,
> I want to configure squid tproxy as an external device. So for that, what
> changes do I need to follow in iptables rules and policy routing from
> the OS side?
>
> Current Lab setup:
>
> WAN ROUTER
> |
> |
> |
> switch-------LINUX MACHINE ( configured as router ) ------ end users
> |
> |
> squid
>
> Currently I tried to follow the squid wiki steps to configure tproxy. And I
> can see traffic in the squid access log but browsing is not happening. Even
> so, I'm not seeing any traffic in iptables for the tproxy rule.
> Kindly guide me to solve this problem.
>
> I want to deploy the squid box as an external device for getting cache
> gain. So for that, do I need to change anything in iptables or policy
> routing?

Possibly, checklist below:

Squid needs to be setup as a third router box.

LINUX MACHINE:
  user subnet gateway -> users
  default gateway -> squid

squid:
  user subnet gateway -> LINUX MACHINE
  default gateway -> WAN ROUTER

WAN ROUTER:
  default gateway -> WAN
  user subnet gateway -> squid

Any "smart" switch functionality based on IPs disabled. Or at least
tuned to not do things by users IP.

Policy routing on both WAN ROUTER and LINUX MACHINE. For non-80 ports
lop-sided routing around the squid box is okay but best to avoid it.

http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
 - DMZ config for LINUX MACHINE.
 - "internal amongst the clients" config for WAN ROUTER.

> OS : centos 6 32 bit
> squid : 3.1.4

Mr Ritter has a new config for CentOS 6. Better than the one in the wiki
right now. If it's not updated soon, contact him for details.

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10
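
Added example, not part of the original message or of the Squid project: a small Python check that models the three gateway tables from the checklist and traces a packet in each direction to confirm both paths cross the squid box. With TPROXY the server's replies are addressed to the client IP, so the WAN ROUTER's route for the user subnet decides whether they reach squid. The subnet and addresses are constructed lab values, and the model covers plain destination routing only, not the port-80 policy rules.

```python
import ipaddress

# Constructed lab values (assumptions, not taken from the thread).
USERS = ipaddress.ip_network("192.168.10.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def checklist_tables():
    """Next-hop tables laid out as in the checklist above."""
    return {
        "LINUX MACHINE": {USERS: "users", DEFAULT: "squid"},
        "squid": {USERS: "LINUX MACHINE", DEFAULT: "WAN ROUTER"},
        "WAN ROUTER": {USERS: "squid", DEFAULT: "WAN"},
    }

def next_hop(table, dst):
    """Longest-prefix match over one box's routes."""
    matches = [net for net in table if dst in net]
    return table[max(matches, key=lambda net: net.prefixlen)]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until the packet leaves the routers."""
    path, box = [start], start
    while box in tables:
        if len(path) > max_hops:
            raise RuntimeError("routing loop: " + " -> ".join(path))
        box = next_hop(tables[box], dst)
        path.append(box)
    return path

def check(tables, client="192.168.10.25", server="203.0.113.80"):
    """Return a list of problems; empty means both directions cross squid."""
    out = trace(tables, "LINUX MACHINE", ipaddress.ip_address(server))
    back = trace(tables, "WAN ROUTER", ipaddress.ip_address(client))
    problems = []
    if "squid" not in out or out[-1] != "WAN":
        problems.append("outbound skips squid: " + " -> ".join(out))
    if "squid" not in back or back[-1] != "users":
        problems.append("return skips squid: " + " -> ".join(back))
    return problems

if __name__ == "__main__":
    print(check(checklist_tables()) or "both directions pass through squid")
```
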