(My English is poor; I hope people will be sympathetic.)
Squid server: OS Slackware 14.1, kernel 3.10.7, Squid v 3.4.10.
For gaming needs, IE does not use Squid; Chrome and Firefox run through Squid. Picture:
http://i.imgur.com/Rt02Erc.jpg
./configure options for Squid:
Code:
...................
--with-openssl \
--enable-icap-client \
--enable-ssl \
--enable-ssl-crtd \
--enable-snmp \
--enable-auth \
--enable-auth-basic \
--enable-linux-netfilter \
--enable-async-io \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--disable-ipv6 \
--build=$ARCH-slackware-linux \
--disable-strict-error-checking
File squid.conf:
Code:
......
# Squid normally listens to port 3128
http_port 3129
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/myCA.pem
# Bump all requests except those originating from
always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
# OPTIONS RELATING TO EXTERNAL SSL_CRTD
sslcrtd_program /usr/libexec/ssl_crtd -s /var/log/squid/lib/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1
..........................
Loading the kernel module (iptables v 1.4.20), file rc.local:
Code:
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local startup commands in here. Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
/sbin/modprobe iptable_nat
/sbin/sysctl -w net.ipv4.ip_forward=1
/sbin/sysctl -w net.ipv4.conf.all.send_redirects=1
/sbin/sysctl -w net.ipv4.conf.all.accept_redirects=1
/sbin/sysctl -w net.ipv4.conf.all.secure_redirects=1
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
#/sbin/sysctl -w net.ipv4.conf.default.rp_filter = 0
#/sbin/sysctl -w net.ipv4.conf.default.accept_source_route = 0
if [ -x /etc/rc.d/rc.squid ]; then
/etc/rc.d/rc.squid start
fi
File rc.firewall:
Code:
#!/bin/sh
#
# /etc/rc.d/rc.firewall
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
iptables -I INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 3127 -j ACCEPT
Configuring the Chrome browser: right-click the Google Chrome shortcut -> select "Properties" -> Target -> add to the end of the line " --proxy-server=192.168.1.150:3129" or " --proxy-server=192.168.1.151:3129", so as not to affect Internet Explorer.
I don't know what I did wrong.
If anyone knows, please help. Thank you.
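A consistency check for the setup posted above, as an added example that is not part of the original post: it cross-checks each iptables REDIRECT target against the Squid listeners and reports the `sslproxy_flags DONT_VERIFY_PEER` setting, which makes a bumping proxy accept upstream certificates that fail verification. The function names and the embedded excerpts are constructed for illustration, and the port 443 rule assumes the redirected traffic is TLS.

```python
import re

# Constructed excerpts mirroring the squid.conf and rc.firewall lines in the post.
SQUID_CONF = """\
http_port 3129
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_certs/myCA.pem
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
"""
FIREWALL = """\
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
"""

def parse_ports(conf):
    """Map each Squid listening port to (directive, set of option words)."""
    ports = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] in ("http_port", "https_port"):
            port = int(words[1].rsplit(":", 1)[-1])  # accepts "ip:port" too
            ports[port] = (words[0], set(words[2:]))
    return ports

def parse_redirects(rules):
    """Return (dport, to_port) for every iptables REDIRECT rule."""
    pat = re.compile(r"--dport\s+(\d+)\b.*-j\s+REDIRECT\b.*--to-ports\s+(\d+)")
    return [(int(m.group(1)), int(m.group(2)))
            for m in map(pat.search, rules.splitlines()) if m]

def audit(conf, rules):
    """List mismatches between firewall redirects and Squid listeners."""
    findings, ports = [], parse_ports(conf)
    for dport, to_port in parse_redirects(rules):
        directive, opts = ports.get(to_port, (None, set()))
        if directive is None:
            findings.append(f"{dport}->{to_port}: no Squid listener on that port")
        elif "intercept" not in opts:
            findings.append(f"{dport}->{to_port}: listener lacks 'intercept'")
        elif dport == 443 and (directive != "https_port" or "ssl-bump" not in opts):
            findings.append(f"{dport}->{to_port}: expected https_port with ssl-bump")
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:1] == ["sslproxy_flags"] and "DONT_VERIFY_PEER" in re.split(r"[,:\s]+", " ".join(words[1:])):
            findings.append("sslproxy_flags DONT_VERIFY_PEER: certificates that fail verification are accepted")
    return findings
```

On the posted files the redirects line up with the `intercept` listeners (port 3129 stays a plain forward-proxy port for the browser setting), so the only finding is the certificate-verification flag.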