Hey,

What you describe is possible... and is recommended for many scenarios.
You just need to take into account that what you would want is to make sure you have a static route from the squid machine to the WIFI network via the WIFI Router.
Also you should use NAT (source nat \ masquerade) on the squid box if you want other traffic than port 80 to be allowed to access the internet (DNS, ICMP etc..).

This combination of:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect?highlight=%28masquerade%29
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat?highlight=%28sysctl%29#A.2Fetc.2Fsysctl.conf_Configuration
http://wiki.squid-cache.org/KnowledgeBase/TransparentProxySelectiveBypass?highlight=%28masquerade%29
might help you to get started.

What machine are you using the linux box for squid?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of erdosain9
Sent: Thursday, July 20, 2017 22:08
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Squid as gateway

Hi, and thank you all.
Well this is the diagram.

INTERNET
   +
   +
FIREWALL (10.1.158.1/24)
   +
   +
   +
SQUID (2 interfaces) 10.1.158.2/24 192.168.1.20/24
   +
   +
   +
ROUTERWIFI( WAN----static ip 192.168.1.40/24 gw 192.168.1.20) LAN 192.168.0.1/24)

squid config:

acl red1 src 192.168.1.0/24

acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 20000
acl SSL_ports port 10000
acl SSL_ports port 2083

acl Safe_ports port 631         # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 8443        # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080        # edesur and others
acl CONNECT method CONNECT

#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

http_access allow localhost
http_access allow red1

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.1.20:3128
http_port 192.168.1.20:3129 intercept

# Uncomment and adjust the following to add a disk cache directory.
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#Your refresh_pattern
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname squid.xxxxxxxxxx.lan

------------------------------------------------------------------------
I tried this, nothing works..............
------------------------------------------------------------------------
iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20:3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
------------------------------------------------------------------------
iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
------------------------------------------------------------------------

A hand....??
Thanks

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-as-gateway-tp4683022p4683192.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
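
The setup suggested in the reply above (static route to the WiFi network, NAT on the Squid box, port 80 redirected to the intercept port), written out as an added example that is not from the thread or the Squid wiki. The addresses come from the diagram; the interface names eth0/eth1, the FORWARD rules and the per-interface scoping of REDIRECT and MASQUERADE are assumptions. It prints the commands by default and only applies them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example. Addresses come from the thread's diagram; the interface
# names eth0/eth1 are assumptions, adjust them to the Squid box.
WAN_IF=${WAN_IF:-eth0}                # assumed: 10.1.158.2 side, towards the firewall
LAN_IF=${LAN_IF:-eth1}                # assumed: 192.168.1.20 side, towards the WiFi router
WIFI_NET=${WIFI_NET:-192.168.0.0/24}  # LAN behind the WiFi router
WIFI_GW=${WIFI_GW:-192.168.1.40}      # WiFi router WAN address
SQUID_PORT=${SQUID_PORT:-3129}        # the "intercept" http_port

is_ipv4() {                           # dotted quad, every octet 0-255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

gateway_commands() {                  # prints the commands; non-zero on bad input
    is_ipv4 "${WIFI_NET%/*}" && is_ipv4 "$WIFI_GW" || return 1
    case ${WIFI_NET#*/} in ''|*[!0-9]*) return 1 ;; esac
    [ "${WIFI_NET#*/}" -le 32 ] || return 1
    case $SQUID_PORT in ''|*[!0-9]*) return 1 ;; esac
    [ "$SQUID_PORT" -ge 1 ] && [ "$SQUID_PORT" -le 65535 ] || return 1
    for i in "$WAN_IF" "$LAN_IF"; do
        case $i in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    # 1 forwarding on, 2 return route to the WiFi LAN, 3 no direct hits on the
    # intercept port, 4 port 80 to Squid, 5-6 forward the rest statefully,
    # 7 source NAT only on the way out to the firewall.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $WIFI_NET via $WIFI_GW dev $LAN_IF
iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 pipes the validated commands to a root shell.
if [ "${APPLY:-0}" = 1 ]; then gateway_commands | sh -e
else gateway_commands; fi
```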