hi
i am using squid proxy on LAN with freebsd but my users are not satisfy
anyone tell me best configuration for squid.conf for lan users

This is really a Squid question, so it's not specific to BSD.

Also, you should edit your question to be a little more descriptive of exactly what the problem is. Are your users having trouble reaching certain sites with the proxy in place, or is it slow, or something else?

Questions:

1.) What are the specs of your server? CPU? How much RAM? Size/speed of hard drive?
2.) Is this a dedicated squid box? Is this box providing other services (Samba, DNS, Sendmail?)
3.) What is your internet connection? Cable? DSL? dial-up?
4.) How many users do you have?
5.) What version squid?
6.) Are you using the default squid.conf or custom?
7.) Aprox how much of the squid cache is used (on the average) within a 5-day period?
8.) Most importantly, can you elaborate on why your users are "not sastisfied"?

Hi there,
I have some problem with my squid in freebsd.
in my access.log I always see this line
TCP_MISS/200 1136 GET http://tialia.com/images/home.gif - DIRECT/65.75.143.192 image/gif
TCP_MISS/302 10499 GET http://search.sing365.com/search.php? - DIRECT/202.103.25.136 text/html

Please help me with squid configuration.
my user complain that the cache respond so slow. for example:
when client click in www.yahoo.com and wait for 1 to 2 minutes to see the web site. and next time wait for it.
I don't know what error in my squid configuration.

my bsd box hardware specification:
pentinum 4 : 1.5 Ghz.
HDD: 40 GB
RAM: 512 MB

cache_dir diskd /var/cache 2048 16 256 Q1=72 Q2=64
cache_mem 128 MB

thank for any help.

VuongXiBul.

Hi, just send me the squid file to slaver_sex@hotmail.com to check your question.

Usually it's best to post the config file to the message board, so everyone can look at it. That will give you a much better chance of having your question correctly answered. Also, since the goal is to educate all users, having the entire conversation posted to the board is best so that everyone else can see the answers, too. If you take it off-line to e-mail, no one will ever know how the problem was resolved (if it was).

One last point is that you should be wary of e-mail your config files to anyone at their request. Check the file first to make sure it doesn't contain any embedded passwords or other authentication information (same goes before posting it on a message board, too).

Hi this is my configuration file. I am sorry, it is so long.

# WELCOME TO SQUID 2
# ------------------
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# TAG: http_port
#Default:
# http_port 3128
http_port 3128 80

# TAG: https_port
# --enable-ssl option
#Default:
# none

# TAG: ssl_unclean_shutdown
# --enable-ssl option
#Default:
# ssl_unclean_shutdown off

# TAG: icp_port
#Default:
# icp_port 3130

# TAG: htcp_port
# --enable-htcp option
#Default:
# htcp_port 4827

# TAG: mcast_groups
#Default:
# none

# TAG: udp_incoming_address
# TAG: udp_outgoing_address
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# TAG: cache_peer
# # proxy icp
# # hostname type port port options
# # -------------------- -------- ----- ----- -----------
# cache_peer parent.foo.net parent 3128 3130 [proxy-only]
# cache_peer sib1.foo.net sibling 3128 3130 [proxy-only]
# cache_peer sib2.foo.net sibling 3128 3130 [proxy-only]
#Default:
# none

# TAG: cache_peer_domain
# cache_peer_domain cache-host domain [domain ...]
# cache_peer_domain cache-host !domain
#Default:
# none

# TAG: neighbor_type_domain
# usage: neighbor_type_domain neighbor parent|sibling domain domain ...
#Default:
# none

# TAG: icp_query_timeout (msec)
#Default:
# icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
# maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
#Default:
# mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
#Default:
# dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)
#Default:
# cache_mem 8 MB
cache_mem 128 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#Default:
cache_swap_low 90
cache_swap_high 95

# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB

# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size_in_memory (bytes)
#Default:
maximum_object_size_in_memory 80 KB

# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
#Default:
ipcache_size 1024
ipcache_low 90
ipcache_high 95

# TAG: fqdncache_size (number of entries)
#Default:
# fqdncache_size 1024

# TAG: cache_replacement_policy
# lru : Squid's original list based LRU policy
# heap GDSF : Greedy-Dual Size Frequency
# heap LFUDA: Least Frequently Used with Dynamic Aging
# heap LRU : LRU policy implemented using a heap
#Default:
cache_replacement_policy lru

# TAG: memory_replacement_policy
#Default:
memory_replacement_policy lru

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

# TAG: cache_dir
# cache_dir Type Directory-Name Fs-specific-data [options]
#Default:
# cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_dir diskd /var/cache 2048 16 256 Q1=72 Q2=64
# cache_dir ufs /var/cache 3072 16 256

# TAG: cache_access_log
#Default:
# cache_access_log /usr/local/squid/var/logs/access.log
cache_access_log /var/log/squid/access.log

# TAG: cache_log
#Default:
# cache_log /usr/local/squid/var/logs/cache.log
cache_log /var/log/squid/cache.log

# TAG: cache_store_log
#Default:
# cache_store_log /usr/local/squid/var/logs/store.log
cache_store_log /var/log/squid/store.log

# TAG: cache_swap_log
#Default:
# none
cache_swap_log /var/log/squid/cache_swap_log.log

# TAG: emulate_httpd_log on|off
#Default:
# emulate_httpd_log off

# TAG: log_ip_on_direct on|off
#Default:
# log_ip_on_direct on

# TAG: mime_table
#Default:
# mime_table /usr/local/squid/etc/mime.conf

# TAG: log_mime_hdrs on|off
#Default:
# log_mime_hdrs off

# TAG: useragent_log
# --enable-useragent-log option
#Default:
# none

# TAG: referer_log
# --enable-referer-log option
#Default:
# none

# TAG: pid_filename
#Default:
# pid_filename /usr/local/squid/var/logs/squid.pid
pid_filename /var/log/squid/squid.pid

# TAG: debug_options
#Default:
# debug_options ALL,1

# TAG: log_fqdn on|off
#Default:
# log_fqdn off

# TAG: client_netmask
#Default:
# client_netmask 255.255.255.255

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# TAG: ftp_user
#Default:
# ftp_user Squid@

# TAG: ftp_list_width
#Default:
# ftp_list_width 32

# TAG: ftp_passive
#Default:
# ftp_passive on

# TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

# TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on

# TAG: cache_dns_program
# --disable-internal-dns option
#Default:
# cache_dns_program /usr/local/squid/libexec/dnsserver

# TAG: dns_children
# --disable-internal-dns option
#Default:
# dns_children 5

# TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

# TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

# TAG: dns_defnames on|off
# --disable-internal-dns option
#Default:
# dns_defnames off

# TAG: dns_nameservers
#Default:
# none

# TAG: hosts_file
#Default:
# hosts_file /etc/hosts

# TAG: diskd_program
#Default:
diskd_program /usr/local/squid/libexec/diskd

# TAG: unlinkd_program
#Default:
unlinkd_program /usr/local/squid/libexec/unlinkd

# TAG: pinger_program
# --enable-icmp option
#Default:
# pinger_program /usr/local/squid/libexec/pinger

# TAG: redirect_program
#Default:
# none

# TAG: redirect_children
#Default:
# redirect_children 5

# TAG: redirect_rewrites_host_header
#Default:
# redirect_rewrites_host_header on

# TAG: redirector_access
#Default:
# none

# TAG: auth_param
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# TAG: authenticate_cache_garbage_interval
#Default:
# authenticate_cache_garbage_interval 1 hour

# TAG: authenticate_ttl
#Default:
# authenticate_ttl 1 hour

# TAG: authenticate_ip_ttl
#Default:
# authenticate_ip_ttl 0 seconds

# TAG: external_acl_type
#Default:
# none


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: wais_relay_host
# TAG: wais_relay_port
#Default:
# wais_relay_port 0

# TAG: request_header_max_size (KB)
#Default:
# request_header_max_size 10 KB

# TAG: request_body_max_size (KB)
#Default:
# request_body_max_size 0 KB

# TAG: refresh_pattern
# usage: refresh_pattern [-i] regex min percent max [options]
# options: override-expire
# override-lastmod
# reload-into-ims
# ignore-reload
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
#Default:
quick_abort_min 16 KB
quick_abort_max 64 KB
quick_abort_pct 95

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
positive_dns_ttl 1 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: range_offset_limit (bytes)
#Default:
# range_offset_limit 0 KB
range_offset_limit 10240 KB

# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: forward_timeout time-units
#Default:
# forward_timeout 4 minutes

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute

# TAG: peer_connect_timeout time-units
#Default:
# peer_connect_timeout 30 seconds

# TAG: read_timeout time-units
#Default:
# read_timeout 15 minutes

# TAG: request_timeout
#Default:
# request_timeout 5 minutes

# TAG: persistent_request_timeout
#Default:
# persistent_request_timeout 1 minute

# TAG: client_lifetime time-units
#Default:
# client_lifetime 1 day

# TAG: half_closed_clients
#Default:
# half_closed_clients on
half_closed_clients on

# TAG: pconn_timeout
#Default:
pconn_timeout 120 seconds

# TAG: ident_timeout
#Default:
ident_timeout 10 seconds

# TAG: shutdown_lifetime time-units
#Default:
shutdown_lifetime 30 seconds

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

# TAG: acl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl owns_network src 192.168.8.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
#Default:
# http_access deny all
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow owns_network
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny all

# TAG: http_reply_access
#Default:
# http_reply_access allow all
http_reply_access allow owns_network
http_reply_access deny all

# TAG: icp_access
#Default:
icp_access deny all
#icp_access allow all

# TAG: miss_access
#Default setting:
# miss_access allow all
miss_access allow owns_network
miss_access deny !owns_network

# TAG: cache_peer_access
#Default:
# none

# TAG: ident_lookup_access
#Default:
ident_lookup_access deny all

# TAG: tcp_outgoing_tos
#Default:
# none

# TAG: tcp_outgoing_address
#Default:
# none

# TAG: reply_body_max_size bytes allow|deny acl acl...
#Default:
# reply_body_max_size 0 allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# TAG: cache_mgr
#Default:
# cache_mgr webmaster
cache_mgr master@cybercafe.net

# TAG: cache_effective_user
# TAG: cache_effective_group
#Default:
# cache_effective_user nobody

# TAG: visible_hostname
#Default:
# none

# TAG: unique_hostname
#Default:
# none

# TAG: hostname_aliases
#Default:
# none

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
#Default:
# announce_period 0
#announce_period 1 day
# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
#Default:
# announce_host tracker.ircache.net
# announce_port 3131

# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

# TAG: httpd_accel_host
# TAG: httpd_accel_port
#Default:
httpd_accel_port 80
httpd_accel_host virtual

# TAG: httpd_accel_single_host on|off
#Default:
# httpd_accel_single_host off

# TAG: httpd_accel_with_proxy on|off
#Default:
# httpd_accel_with_proxy off
httpd_accel_with_proxy on

# TAG: httpd_accel_uses_host_header on|off
#Default:
# httpd_accel_uses_host_header off
httpd_accel_uses_host_header on

# MISCELLANEOUS
# -----------------------------------------------------------------------------
# TAG: dns_testnames
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

# TAG: logfile_rotate
#Default:
logfile_rotate 10

# TAG: append_domain
#Example:
# append_domain .yourdomain.com
#
#Default:
# none

# TAG: tcp_recv_bufsize (bytes)
#Default:
# tcp_recv_bufsize 0 bytes

# TAG: err_html_text
#Default:
# none

# TAG: deny_info
#Default:
# none

# TAG: memory_pools on|off
#Default:
# memory_pools on

# TAG: memory_pools_limit (bytes)
#Default:
# none

# TAG: forwarded_for on|off
#Default:
forwarded_for on

# TAG: log_icp_queries on|off
#Default:
# log_icp_queries on

# TAG: icp_hit_stale on|off
#Default:
# icp_hit_stale off

# TAG: minimum_direct_hops
#Default:
# minimum_direct_hops 4

# TAG: minimum_direct_rtt
#Default:
# minimum_direct_rtt 400

# TAG: cachemgr_passwd
#Example:
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
#
#Default:
# none

# TAG: store_avg_object_size (kbytes)
#Default:
# store_avg_object_size 13 KB

# TAG: store_objects_per_bucket
#Default:
# store_objects_per_bucket 20

# TAG: client_db on|off
#Default:
# client_db on

# TAG: netdb_low
# TAG: netdb_high
#Default:
# netdb_low 900
# netdb_high 1000

# TAG: netdb_ping_period
#Default:
# netdb_ping_period 5 minutes

# TAG: query_icmp on|off
#Default:
# query_icmp off

# TAG: test_reachability on|off
#Default:
# test_reachability off

# TAG: buffered_logs on|off
#Default:
# buffered_logs off

# TAG: reload_into_ims on|off
#Default:
# reload_into_ims off

# TAG: always_direct
# Usage: always_direct allow|deny [!]aclname ...
#Default:
# none

# TAG: never_direct
# Usage: never_direct allow|deny [!]aclname ...
#Default:
# none

# TAG: header_access
#Default:
# none

# TAG: header_replace
#Default:
# none

# TAG: icon_directory
#Default:
# icon_directory /usr/local/squid/share/icons

# TAG: short_icon_urls
#Default:
# short_icon_urls off

# TAG: error_directory
#Default:
error_directory /usr/local/squid/share/errors/English

# TAG: maximum_single_addr_tries
# maximum_single_addr_tries 1

# TAG: snmp_port
#Default:
snmp_port 3401

# TAG: snmp_access
acl snmppublic snmp_community cybercafe
snmp_access allow snmppublic localhost
snmp_access deny all
#
#Default:
# snmp_access deny all

# TAG: snmp_incoming_address
# TAG: snmp_outgoing_address
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

# TAG: as_whois_server
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

# TAG: wccp_router
#Default:
# wccp_router 0.0.0.0

# TAG: wccp_version
#Default:
# wccp_version 4

# TAG: wccp_incoming_address
# TAG: wccp_outgoing_address
#Default:
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

# TAG: delay_pools
#Default:
# delay_pools 0

# TAG: delay_class
#Example:
# delay_pools 2 # 2 delay pools
# delay_class 1 2 # pool 1 is a class 2 pool
# delay_class 2 3 # pool 2 is a class 3 pool
#Default:
# none

# TAG: delay_access
#Example:
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#Default:
# none

# TAG: delay_parameters
#Default:
# none

# TAG: delay_initial_bucket_level (percent, 0-100)
#Default:
# delay_initial_bucket_level 50

# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

# TAG: max_open_disk_fds
#Default:
# max_open_disk_fds 0

# TAG: offline_mode
#Default:
# offline_mode off

# TAG: uri_whitespace
#Default:
# uri_whitespace strip

# TAG: broken_posts
#Example:
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server
#
#Default:
# none

# TAG: mcast_miss_addr
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_addr 255.255.255.255

# TAG: mcast_miss_ttl
# -DMULTICAST_MISS_TTL option
#Default:
# mcast_miss_ttl 16

# TAG: mcast_miss_port
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_port 3135

# TAG: mcast_miss_encode_key
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

# TAG: nonhierarchical_direct
#Default:
# nonhierarchical_direct on

# TAG: prefer_direct
#Default:
# prefer_direct off

# TAG: strip_query_terms
#Default:
# strip_query_terms on

# TAG: coredump_dir
#Default:
# coredump_dir none
coredump_dir /var/cache

# TAG: redirector_bypass
#Default:
# redirector_bypass off

# TAG: ignore_unknown_nameservers
#Default:
# ignore_unknown_nameservers on

# TAG: digest_generation
# --enable-cache-digests option
#Default:
# digest_generation on

# TAG: digest_bits_per_entry
# --enable-cache-digests option
#Default:
# digest_bits_per_entry 5

# TAG: digest_rebuild_period (seconds)
# --enable-cache-digests option
#Default:
# digest_rebuild_period 1 hour

# TAG: digest_rewrite_period (seconds)
# --enable-cache-digests option
#Default:
# digest_rewrite_period 1 hour

# TAG: digest_swapout_chunk_size (bytes)
# --enable-cache-digests option
#Default:
# digest_swapout_chunk_size 4096 bytes

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
# --enable-cache-digests option
#Default:
# digest_rebuild_chunk_percentage 10

# TAG: chroot
#Default:
# none

# TAG: client_persistent_connections
# TAG: server_persistent_connections
#Default:
# client_persistent_connections on
# server_persistent_connections on

# TAG: detect_broken_pconn
#Default:
# detect_broken_pconn off

# TAG: pipeline_prefetch
#Default:
# pipeline_prefetch off

# TAG: extension_methods
#Default:
# none

# TAG: request_entities
#Default:
# request_entities off

# TAG: high_response_time_warning (msec)
#Default:
# high_response_time_warning 0

# TAG: high_page_fault_warning
#Default:
# high_page_fault_warning 0

# TAG: high_memory_warning
#Default:
# high_memory_warning 0

# TAG: store_dir_select_algorithm
#Default:
# store_dir_select_algorithm least-load

# TAG: forward_log
# -DWIP_FWD_LOG option
#Default:
# none

# TAG: ie_refresh on|off
#Default:
# ie_refresh off
ie_refresh on

# TAG: vary_ignore_expire on|off
#Default:
# vary_ignore_expire off

# TAG: sleep_after_fork (microseconds)
#Default:
# sleep_after_fork 0

I am not sure what you problem is but I use squid as my proxy and I never had any compaints from the 20 people that use it. My comp specs are 336MHZ,128ram,3 small harddrives from some old slow machines. You might want to check you cabling to the computer also. Are all your clients on windows? If so make sure that you have no DNS specified on the windows box. I am sure that someone will comb your squid config file and point out something.

i isntalled squid most of time. i didnt get any trouble.
first use default squid config file, just add standart lines to allow clients. and check the browser speed. if they are still same, squid is ok. check other possibilies. such as hardware, network troubles. u must also check clients (if they r windowz) for viruses . nowadays there are lots of worms can stop network activities.


u can also check log files, disk, mem, cpu usage.

i'm also having an issue with squid...

i have a linux gateway (iptables, dhcp, dns, etc.) with squid on it...

eth0=DHCP Internet

eth1=LAN

i'm trying to make squid work transparently while listening only on the gateway's 127.0.0.1:3128...

so far no luck, i can only make it work by using 192.168.0.1:3128 and port-forwarding requests to port 80 to it there...

i don't want squid listening on the lan, i want squid to be "totally" transparent to the lan users...

any ideas?? i'm dying here...

=)

To get squid transparent you use the options in the config file. You can not make squid work for local address 127.1.1.1 b/c when you add that address and port to you explorer configuration it will look at its own local address. I also would go yard saling and find another computer so use as a proxy server. A squid cache can use up all your resources depending how many users connect to it. If you want good performance you need alest 400mhz and as much ram as you can fit into it and a good 5600rpm hardrive 10-40gig. It will work on a slow system but its going to display the internet real slow. Unless you are running samba windows users are not going to see the comp in the neiborhood anyways.

i've got squid listening on 127.0.0.1:3128 on the gateway...

a browser on the gateway can use squid with no problems by specifying "127.0.0.1:3128" in the browser configuration...

i'm trying to get netfilter to forward --dport 80 requests on the lan to 127.0.0.1:3128 on the gateway...

right now i'm trying (unsuccessfully) with something like this:


iptables -t nat -A PREROUTING -p TCP -i $LAN_INTERFACE --dport 80 \
-j DNAT --to-destination 127.0.0.1:3128


it doesn't work so far, i'm still looking-in to it... i also have a rule allowing all input to the loopback interface...


iptables -A INPUT -p ALL -i lo -j ACCEPT


as i said, squid is accessible from the gateway itself while using 127.0.0.1... also, "netstat -an" confirms squid is listening...

i can get it to work the "normal" way, like this:


iptables -t nat -A PREROUTING -p TCP -i $LAN_INTERFACE --dport 80 \
-j REDIRECT --to-ports 3128


but to do that i have to make squid listen on the lan, which is what i don't want...

what i'm trying to achieve wouldn't even show any open ports on an nmap from the lan to the gateway...

this HAS to be possible... right??

anybody??

=)