On 04.07.2012 13:52, bnichols wrote:
I do it on my routers. If you have a ddwrt enabled router on your lan
you can simply put your squid in transparent mode and add the
iptables
rules/script to your firewall and save, google "DDWRT squid
transparent" and youll find it, or do it on a mikrotik is really
simple
as well as many many other routers, personally, I dont like using an
x86 machine as a router.
Ah.
There is no need to do the interception part on the routers. Just route
the port-80 traffic (only) to the Squid box (aka "policy routing"). You
can still use the same bypass rules/choices on your routers, they are
just used to bypass the route decision instead of the packet NAT.
Every end box has routing rules. The specific "forwarding" router
rules are only needed if there is traffic not being intercepted but
passing through it.
When you remove NAT from the routers you *will* notice a change in IP
addressing information available to Squid. You will be able to see what
clients are actually being intercepted, instead of what router was doing
it.
http://wiki.squid-cache.org/ConfigExamples#Interception has various
types of Squid box interception config you get to select from.
Amos
