LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Squid transparent proxy (http://www.linuxquestions.org/questions/linux-server-73/squid-transparent-proxy-906208/)

astalavista2000 10-03-2011 12:28 PM

Squid transparent proxy
 
Hi, everybody. I've just installed squid through apt-get in a debian squeeze server. The server has two NIC's. eth0 is connected to the LAN and eth1 has a public IP address. I've tried squid's default configuration and, after creating an acl and a rule to allow my computer to connect to squid

Code:

acl myMachine src myIp
Code:

http_access allow myMachine
I can perfectly browse the web. But I want to use squid as a TRANSPARENT PROXy, so I change the http_port option
Code:

http_port 3128 transparent
Then I add the following rule in my firewall
Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Finally, I've configured the browser to first autodetect connection and later to use no connection at all and set the the LAN ip of the proxy server as default gateway of myMachine.
But I can't connect to internet.

Extra Information
*********************
- Squid Version: Version: 2.7.STABLE9-2.1
- I enabled "net.ipv4.ip_forward=1"
- my "cleaned" squid.conf file

Code:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl myMachine src 192.168.1.189/32
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow myMachine
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:          1440    20%    10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
refresh_pattern (Release|Packages(.gz)*)$      0      20%    2880
refresh_pattern .              0      20%    4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid

Well, hope you can shade some light in my problem. Thanks in advance.

chandramani_yadav 10-04-2011 09:19 AM

Follow the below mentioned link and it should work.

http://www.linuxsolved.com/linux-for...xy-t116.0.html

astalavista2000 10-04-2011 05:59 PM

Quote:

Originally Posted by chandramani_yadav (Post 4489747)
Follow the below mentioned link and it should work.

http://www.linuxsolved.com/linux-for...xy-t116.0.html

Thanks chandramani_yadav, but I have a doubt. Is this solution valid for newer versions of squid? I'm just asking because, while doing research, I've found similar articles explaining this solutions but in all of them it says that is only valid for squid versions newer than 2.6.
Thanks a lot.
Regards.

pantdk 11-20-2011 07:40 PM

change acl myMachine src 192.168.1.189/32 to alc myMachine src 192.168.1.0/32


localhost & deny like this
http_access allow localhost
http_access allow myMachine
http_access deny all


All times are GMT -5. The time now is 07:04 PM.