Hi there!

I want to build a transparent proxy with squid under SuSE Linux 9.0.
The System first:
2 NIC
eth0: for internal network traffig (ip-addr: 192.168.1.1, subnetmask: 255.255.255.0)
eth1: for external traffic, complete configuration over DHCP form ISP
---------
All machines should get their ip-configuration form my server, so i set up an DHCPD Server. This works fine. Here the config-file (dhcpd.conf)

...
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option domain-name-servers 192.168.1.1;
####
# I am not shure if i should use the ISPs DNS here???????
####
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.30;
}

so far so good. All clients get an ip-address and an standard gateway, so they try to communicate over my linux box.

Then i set up squid. I first tried with standard config. The result:
When i config the clients browsers to access the internet over a proxy server (192.168.1.1 port 3128) everything works great.
But i want to have an transparent proxy, so the clients don´t have to change their configuration.
So i changed in squid.conf (as SuSE Handbook says)
------
httpd_accel-host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-------

Then i set up the kernel to do ip-forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
and gave it iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And now the problems start:
When i type an ip-address in a clients-browser i get a squid-error page (The requested URL could not be retrieved)
When i type an url, it cannot be resolved

So i think i have some problems with the dns (as mentioned in the dhcp config already)

i think i should add an iptables rule for the dns-servers too, but i don´t know how

Any ideas?

You should not have to make a iptables rule for DNS. No forwarding of DNS querries occur in this setup.

My setup at home uses the DNAT target for the transparent proxy thing.

thanks for your help, i didn't get out what you ment :-(

but I got another solution.

I set up an caching dns (with bind)
just added my ISPs dns ips in the forward section of named.conf

now I'm getting closer to what i want. Transparent proxy for http works now, everbypdy can surf without knowing about the linux server. (because i just want to log those M$ boxes)

philipp

i want the same setup with you as a transparent proxy, my problem is when i trying to browse "The requested URL could not be retrieved" appear..i follow your said solution by adding your ISPs dns ip, but im confused where is tje forwarding section in named.conf.

can you please give me a hint to fix and work my transparent proxy just what you did in your proxy?

thanks

do not change any named config files. just start it. it will work as a caching name server. linux and your clients can use it as a DNS server.

In named.conf i have the line

forwarders { 195.58.160.2;195.58.161.3;};

which are the DNS servers of my ISP.

(as line in the options section)

the just start bind and give the ip-address of the caching proxy (and dns) server
as dns - server to your workstations.