Your client needs to use your squid server as default gateway.
And then you need the iptables rules I wrote about to direct traffic
into squid for certain ports.
Reet Vyas wrote on 06/03/2015 08:50 AM:
Hi
Thanks for reply. As of now we don't have router I have directly
connected my machine to internet and other to LAN and I have configured
client machine ubuntu to test squid which is in switch where other users
are connected using gateway of router 192.168.0.1.
I read your valuable suggestions, but I still confused with IPtables and
squid 3.3 setting ,transparent and intercept options .
root@squid:/home/squid# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 <http://127.0.0.1/8> scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff
inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::21e:67ff:fecf:5974/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.200/24 <http://192.168.0.200/24> brd 192.168.0.255
scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::21e:67ff:fecf:5975/64 scope link
valid_lft forever preferred_lft forever
root@squid:/home/squid# ip -4 route show
default via 116.72.152.1 dev eth0
116.72.152.0/22 <http://116.72.152.0/22> dev eth0 proto kernel scope
link src 116.72.152.37
192.168.0.0/24 <http://192.168.0.0/24> dev eth1 proto kernel scope
link src 192.168.0.200
To use transparent/intercept what I have to set in my config file
http_port 3128 intercept or transparent
and Iptables rules , I have tried this rules
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
But not working
Can you please tell me the firewall rules and let me know why my
firewall rules are not working.
On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <kl@xxxxxxx
<mailto:kl@xxxxxxx>> wrote:
Amos Jeffries wrote on 06/02/2015 04:34 PM:
On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:
I have this in my squid server for it to work:
The key words there are ... *in my Squid server*
indeed :)
NOTE to Klavs:
loading the "multiport" kernel module seems overkill for a
single-port
match.
it's puppets firewall module.. haven't had enough time to fix that
module :)
FYI: DONT_VERIFY_PEER, "always_direct allow all", and
"slproxy_cert_error allow all" have not been good ideas since 3.2.
dont-verify actually inhibits the Mimic functions which give
server-first bumping most of its usefulness.
Thank you for those tips.
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx <mailto:kl@xxxxxxx> -
http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
