LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Can't enable transparent squid on localhost using iptables.
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-30-2009, 05:00 PM   #1
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Rep: Reputation: 16
Can't enable transparent squid on localhost using iptables.

Setup:
OS: Ubuntu 8.04
==> squid & squidGuard on localhost.

Goal: Force traffic through squid using iptables thereby
eliminating need for FF preferences. The intended host
to proxy is the box housing squid & co.


Squid works fine if I use the settings in Firefox but does not work if I try to use it transparently.

Here's my squid.conf sans comments.

Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Package(.gz)*)$	0	20%	2880
refresh_pattern .		0	20%	4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
visible_hostname localhost
always_direct allow all
hosts_file /etc/hosts
coredump_dir /var/spool/squid
I would think that a simple rule such as:
Code:
sudo iptables -A PREROUTING -t nat -p tcp –dport 80 -j REDIRECT –to-port 3128
Would do the trick ...
It does not work as expected.

Any thoughts?

Thanks for reading!

Bub

UPDATE: I gave up on IPTABLES and installed the firehol package. It works and that is good. Here is my firehol.conf for those also struggling with this:

Code:
version 5
transparent_squid 3128 "proxy root" inface eth0
# Accept all client traffic on any interface
interface "eth0" Internet
         protection strong
        server "ssh" accept
        client all accept
PS: I am still curious as to how one would get the same results with vanilla IPTABLES.
Last edited by bubnoff; 06-30-2009 at 05:31 PM. Reason: Update for those still curious.
 
Old 06-30-2009, 06:48 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928
Hi, welcome to LQ!

Quote:
PS: I am still curious as to how one would get the same results with vanilla IPTABLES.
Just look at the iptables rules firhol has generated for you ... it's not
like it's a firewalling solution in its own right - it's a iptables front-end.



Cheers,
Tink
Last edited by Tinkster; 06-30-2009 at 06:49 PM.
 
Old 07-02-2009, 02:45 PM   #3
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Thank you and ...
Thanks for your response, I'll give that a shot.

For the small task of routing traffic through a locally hosted proxy
it seems clumsy to install fireHOL rather than just type one or two
IPTABLES rules. It seems like that's what everyone is doing for DansGuardian and squidGuard though.

Anyway ...thanks for the response.

Bub
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
transparent squid missamoune Linux - Server 2 08-10-2008 06:58 PM
Squid transparent proxy with iptables cksoo Linux - Server 5 06-12-2008 03:53 AM
IPTABLES for squid (Transparent proxy) kool_kid Linux - Networking 14 10-29-2007 10:45 AM
IPTABLES, SQUID, DANSGUARDIAN and Transparent Proxy metallica1973 Linux - Networking 18 09-03-2007 07:17 PM
Squid and iptables---transparent proxying Woodsman Slackware 9 09-30-2006 02:49 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:12 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration