Hi Andreas, take a look: 1. acl LAN 192.168.0.0/32 .. .. http_access allow LAN http_access deny ALL 2. http_port SQUID-IP:3128 3. Example: squid.conf: cache_peer localhost parent 8899 0 no-query no-digest havp.conf: #Port PORT 8899 -- Marcel -----Ursprüngliche Nachricht----- Von: Andreas Westvik [mailto:andreas@xxxxxxx] Gesendet: Donnerstag, 14. Februar 2013 15:43 An: squid-users Betreff: Securing squid3 Hi everybody I have been running squid3 on my Debian squeeze on/off for a few weeks now. And there is a few things Im not sure of 1. How can I be sure that Im running it securely? I really only want squid3 to server my local clients (192.168.0.0/32). 2. Can I bind squid3 to only listen to any device/ip? 3. just for fun, I have setup havp on a different server. Is it possible to send my http traffic to that server first? (havp runs on 192.168.0.24) Then back to squid3? As of now, I need to configure my clients to connect to that havp server, then havp will send traffic back to squid. But I would like to happen with some automatic iptables commands. I have tried several iptables setup, but nothing will make this work. I cannot for the life of me intercept the port 80 traffic, then redirect it to 192.168.0.24:3127 Like this: Client -> Gw 192.168.0.1 -> havp 192.168.0.24:3127 -> squid3 192.168.0.1:3128 -> internets This is my setup: http_port 3128 transparent acl LAN src 192.168.0.0/32 acl localnet src 127.0.0.1/255.255.255.255 http_access allow LAN http_access allow localnet cache_dir ufs /var/spool/squid3 5000 16 256 #Block acl ads dstdom_regex -i "/etc/squid3/squid.adservers" http_access deny ads eth3: 192.168.0.1 (non-dhcp envirment) eth4: wan official ip (non-dchp) -Andreas
