
Re: Looking for a recommendation for tutorial for transparent proxy under Ubuntu

On 2015-06-01 10:40 AM, dkandle wrote:
I am using Ubuntu 14.04 on a server with multiple NICs. I would like to set
it up as a transparent proxy. I have the router working and I had squid
working as an explicit proxy (where I set the IP address of the server as
the proxy in my client's browser).
Is there a good tutorial which covers this set-up? I've tried setting the
iptables as some have advised but it has issues.
It is not at all clear to me how squid will know which interface faces the
Internet and which faces my client's subnet.

Thanks



--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Looking-for-a-recomendation-for-tutorial-for-transparent-proxy-under-Ubuntu-tp4671472.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

The official tutorials:

http://wiki.squid-cache.org/ConfigExamples#Interception

You'll most likely want:

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

Of interest is the lack of interface specification, so here's what I'm using on a box that has an internal NIC (192.168.1.0/24) and an external NIC (real world external IP):

$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j REDIRECT --to-port 3129

This redirects traffic from clients coming in on eth0 to the Squid listening process on eth0. If your Squid listening process is not on the same NIC, you'll need to use DNAT instead:

$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j DNAT --to-destination ip.that.squid.listens.on:3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j DNAT --to-destination ip.that.squid.listens.on:3129

Hope that helps.

James
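
The REDIRECT-or-DNAT choice described in the reply above, as an added example that is not part of the original messages or of the Squid project's code: a script that prints the rules for review, together with the mangle-table DROP rule that Squid's interception guides use to keep clients from connecting straight to the intercept port. The function names nat_target and intercept_rules and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied. Function names and all addresses are constructed.

# nat_target LAN_IP SQUID_IP PORT -> the -j clause for one interception rule.
# REDIRECT rewrites the destination to the primary address of the interface
# the packet arrived on, so it only fits when Squid listens on that address
# (or on the wildcard). Any other local listening address needs DNAT.
nat_target() {
    case "$2" in
        ""|0.0.0.0|"$1") echo "REDIRECT --to-port $3" ;;
        *)               echo "DNAT --to-destination $2:$3" ;;
    esac
}

# intercept_rules LAN_IF LAN_IP CLIENT_NET SQUID_IP
# Port pairs follow the post: 80 -> 3128 and 443 -> 3129.
intercept_rules() {
    lan_if=$1 lan_ip=$2 clients=$3 squid_ip=$4
    for pair in 80:3128 443:3129; do
        dport=${pair%%:*}
        sport=${pair##*:}
        # mangle PREROUTING is traversed before nat PREROUTING, so this only
        # drops packets that arrived already addressed to the intercept port;
        # traffic rewritten from $dport still carried its original port here.
        echo "iptables -t mangle -A PREROUTING -p tcp --dport $sport -j DROP"
        echo "iptables -t nat -A PREROUTING -i $lan_if -s $clients -p tcp --dport $dport -j $(nat_target "$lan_ip" "$squid_ip" "$sport")"
    done
}

# Constructed sample: Squid bound to the LAN address, then to a second address.
intercept_rules eth0 192.168.1.1 192.168.1.96/28 192.168.1.1
intercept_rules eth0 192.168.1.1 192.168.1.96/28 192.168.2.1
```

The Squid ports these rules point at must carry the intercept option in squid.conf, and explicit-proxy clients need a separate port because the DROP rule blocks direct connections to the intercept ports.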