LinuxQuestions.org


zazazz 12-16-2006 07:18 PM

HELP: how do You setup Squid to work transparently?
 
Could anybody write a step-by-step list of actions for how you make your Squid work transparently on a FreeBSD network server? If possible, with version numbers of the software, beginning with getting Squid's source, through packet redirection, till the happy end. ... Why am I asking this when the internet is full of guides? Because I came to a dead end.... My Squid is working fine when the browser is set to use the proxy, and it even works transparently..... but transparently... when more than about 5 clients connect..... new clients' packets are not processed. With no errors.... simply so... :cry: :cry: :cry: :cry: :cry: :cry: HELP!

gani 12-17-2006 10:08 PM

This is for version 2.5 that I've only followed from a web howto. Just find their respective places in squid.conf.

/etc/squid/squid.conf:

Code:

http_port 127.0.0.1:3128

visible_hostname host.yourdomain.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

....
..
acl Safe_ports port 445    # to allow windows update
acl CONNECT method CONNECT

....
..
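acl local_net src 192.168.0.0/24
# ACL names on one http_access line are ANDed, so allow each source on its own line
http_access allow local_net
http_access allow localhost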

Create the cache directories:

# /usr/local/sbin/squid -z

Redirect your local network (192.168.0.0/24) to squid's IP (127.0.0.1) and squid's port (3128). If you are using PF in your FBSD, as an example:

/etc/pf.conf:
Code:

nat on $ext_if from ! ($ext_if) to any -> ($ext_if:0)
rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 3128

Start the program:

# /usr/local/sbin/squid

Check the cache.log for good signs:

# cat /var/squid/logs/cache.log

Code:

2006/11/14 19:33:38| Starting Squid Cache version 2.5.STABLE13 for i386-unknown-openbsd4.0...
2006/11/14 19:33:38| Process ID 14405
2006/11/14 19:33:38| With 1024 file descriptors available
2006/11/14 19:33:38| Performing DNS Tests...
2006/11/14 19:33:38| Successful DNS name lookup tests...
2006/11/14 19:33:38| DNS Socket created at 0.0.0.0, port 42525, FD 5
2006/11/14 19:33:38| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2006/11/14 19:33:38| Unlinkd pipe opened on FD 10
2006/11/14 19:33:38| Swap maxSize 7340032 KB, estimated 564617 objects
2006/11/14 19:33:38| Target number of buckets: 28230
2006/11/14 19:33:38| Using 32768 Store buckets
2006/11/14 19:33:38| Max Mem  size: 102400 KB
2006/11/14 19:33:38| Max Swap size: 7340032 KB
2006/11/14 19:33:38| Rebuilding storage in /var/squid/cache (DIRTY)
2006/11/14 19:33:38| Using Least Load store dir selection
2006/11/14 19:33:38| Set Current Directory to /var/squid/cache
2006/11/14 19:33:38| Loaded Icons.
2006/11/14 19:33:38| Accepting HTTP connections at 127.0.0.1, port 3128, FD 11.
2006/11/14 19:33:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
2006/11/14 19:33:38| WCCP Disabled.
2006/11/14 19:33:38| Ready to serve requests.
2006/11/14 19:33:43| Done scanning /var/squid/cache (0 entries)
2006/11/14 19:33:43| Finished rebuilding storage from disk.
2006/11/14 19:33:43|        0 Entries scanned
2006/11/14 19:33:43|        0 Invalid entries.
2006/11/14 19:33:43|        0 With invalid flags.
2006/11/14 19:33:43|        0 Objects loaded.
2006/11/14 19:33:43|        0 Objects expired.
2006/11/14 19:33:43|        0 Objects cancelled.
2006/11/14 19:33:43|        0 Duplicate URLs purged.
2006/11/14 19:33:43|        0 Swapfile clashes avoided.
2006/11/14 19:33:43|  Took 5.2 seconds (  0.0 objects/sec).
2006/11/14 19:33:43| Beginning Validation Procedure
2006/11/14 19:33:43|  Completed Validation Procedure
2006/11/14 19:33:43|  Validated 0 Entries
2006/11/14 19:33:43|  store_swap_size = 0k
2006/11/14 19:33:43| storeLateRelease: released 0 objects

When Squid is bound to 127.0.0.1, you don't need to specify a proxy ADDRESS:PORT combination in your clients' browsers. The redirection rule in your firewall will do it for them automatically. In IE, leave all boxes in LAN Settings unchecked; in other browsers, choose no proxy or connect directly to the internet.
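An added sketch (not from the thread or from the Squid project) of how Squid evaluates `http_access` for the `local_net` and `localhost` ACLs in the config above: ACL names on one line are ANDed, lines are tried in order, and the first matching line decides. The two rule sets, the `all` ACL and the client addresses are constructed for illustration.

```python
import ipaddress

# ACLs from the squid.conf fragment above, plus "all" (assumed as the catch-all).
ACLS = {
    "local_net": ipaddress.ip_network("192.168.0.0/24"),
    "localhost": ipaddress.ip_network("127.0.0.1/32"),
    "all": ipaddress.ip_network("0.0.0.0/0"),
}

# Constructed rule sets: both ACLs on one line vs. one ACL per line.
COMBINED = """
http_access allow local_net localhost
http_access deny all
"""
SPLIT = """
http_access allow local_net
http_access allow localhost
http_access deny all
"""

def parse_rules(conf_text):
    """Return [(action, [acl_names])] for every http_access line."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def acl_matches(name, src):
    """Match one ACL name against a source address; a leading '!' negates."""
    negated = name.startswith("!")
    return (src in ACLS[name.lstrip("!")]) != negated

def decide(rules, src_ip):
    """First matching line wins; a line matches only if ALL its ACLs match."""
    src = ipaddress.ip_address(src_ip)
    for action, names in rules:
        if all(acl_matches(n, src) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line (rules non-empty).
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    # pf's rdr rewrites only the destination, so Squid still sees the LAN source IP.
    for label, conf in (("combined", COMBINED), ("split", SPLIT)):
        for ip in ("192.168.0.10", "127.0.0.1", "203.0.113.5"):
            print(f"{label:8} {ip:13} -> {decide(parse_rules(conf), ip)}")
```

With the split rules, LAN clients and the local host are allowed while any other source still hits `deny all`, so the intercepting proxy does not become an open proxy.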

zazazz 12-25-2006 08:25 AM

And what rules do you add to the ipnat.rules file when using IPNAT?


All times are GMT -5.