squid transparent proxy......
hi
I have some in squid transparent proxy......

What I use: iptables, Red Hat Linux 8.0, Squid 2.4 STABLE v7

My current setup:
SERVER BOX (contains SQUID, APACHE, PHP, MYSQL, IPTABLES, BANDWIDTH CONTROL)
IP 1 : 172.16.100.4 (INTERNET LAN CARD)
IP 2 : 10.0.0.1 (internal network CARD)

What I want: I want to use transparent proxy, but I want all my users to authenticate. In short, if my user is not logged in and he types any URL, he should be presented with a login page (PHP and MySQL) where my user will enter his login name and password. And if he is logged in, he can use the internet.

What I did:

Squid.conf

    http_port 8080
    icp_port 3130
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 16 MB
    maximum_object_size 4096 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 8 KB
    cache_replacement_policy lru
    memory_replacement_policy lru
    cache_dir ufs /var/spool/squid 250 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    pid_filename /var/run/squid.pid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443 563     # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny all
    #Set these if you want your proxy to work in a transparent way.
    #Transparent proxy means you generally don't have to configure all
    #your client's browsers, but has some drawbacks too.
    #Leaving these uncommented won't do any harm.
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_mgr hitesh@hylix.com
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname c-systems

IPTABLES FIREWALL

    IPTABLES=/sbin/iptables
    EX_ETH=eth0                  # External Interface
    IN_ETH=eth1                  # Local Interface
    LOCAL_IP=10.0.0.2            # Local Host IP
    LOCAL_NET=10.0.0.0/8         # Local Network
    EXTERNAL_NET=172.16.0.0/24   # External Network
    PROXY_IP=10.0.0.2            # Proxy Server IP
    PROXY_PORT=8080              # Proxy Server Port No
    P_PORTS="0:1023"
    UP_PORTS="1024:65535"
    TR_SRC_PORTS="32769:65535"
    TR_DST_PORTS="33434:33523"
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z
    # Masquerade
    $IPTABLES -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
    # Turn on IP forwarding
    echo '1' > /proc/sys/net/ipv4/ip_forward
    # IF U GET IP_CONNTRAC ERROR USE THIS ELSE REMOVE
    echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max
    ## load modules
    modprobe ip_tables
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # Transparent Proxy
    $IPTABLES -t nat -A PREROUTING -i $IN_ETH -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT

and some security settings rules for death of ping etc.
If this is still a problem, AFAIK you can't do *and* transparent proxying *and* have authentication. Look at the Squid FAQ.