-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/12/2014 12:42 p.m., Eliezer Croitoru wrote: > Well Derek, > > I must write something "I am amazed!!!" In Step 7 there is a little > confusion. The "accel vhost allow-direct" options are not for > transparent and\or interception proxy and I am unsure why it > works. It "works" because the traffic syntax for port 80 is accepted by both intercept (transparent intercept-proxy) and accel (web server reverse-proxy) modes. The "allow-direct" settings then converts the reverse-proxy into a highly vulnerable Open Proxy. Plus firewall NAT settings diverting all traffic (from both LAN and WAN!) Derek, If you got to step 9 then *immediately* go to your firewall setup and erase that line containing: -i $ETHERNET_INTERNET -p tcp --dport 80 -j REDIRECT It is completely needless on WAN interface and should never be used in the form shown there. The tutorial Eliezer linked below contains all you need for transparent interception. > you should use something like: http_port 127.0.0.1:3128 http_port > 13128 intercept nod. > > Instead of what mentioned in the tutorial. I would try to use > another tutorial or guide to install squid in transparent mode. > Have you tried our wiki? I have found this for you: > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect > > Else then couple little mistakes(which I will gladly be open to > help with) the tutorial looks very good. > > Try my suggestion and lets see if squid starts up or not. > > Eliezer > Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUmLf7AAoJELJo5wb/XPRjd8QIANnGYjuGGzJ1WPvV1oF6BZzO 4fxqnJOLDH/M4b6gB+vgRYIkMY1qZTCptC1eE66YvkKGgYYjZEGvbIxyZ3Ql9IEg bvm2t3ouJxts4I576275XIj9Tvh7u77ObcD51vPFrOCzjt66UoNBnXlHE2Hm7jfz WYTK/oa7AgdYxfsZPZuVLb6m9ClfIzdB+ta3vVBUkfgsgCPkPZdk3O6NRmhnzA56 sSlCOS43UfXwDsg6F/RwREs5/SruAYa2PTIwhLcHsPmKJiUToH9v/UnGRzGaKiwp LsuktdGfkDYl4bsd8FVAwTzev1Lzs97+IokVUGogE20LxWT08DwZEMd7M2SvmtE= =UfqC -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
