Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 06-30-2009, 06:00 PM   #1
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Rep: Reputation: 16
Can't enable transparent squid on localhost using iptables.

OS: Ubuntu 8.04
==> squid & squidGuard on localhost.

Goal: Force traffic through squid using iptables thereby
eliminating need for FF preferences. The intended host
to proxy is the box housing squid & co.

Squid works fine if I use the settings in Firefox but does not work if I try to use it transparently.

Here's my squid.conf sans comments.

acl all src all
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl purge method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Package(.gz)*)$	0	20%	2880
refresh_pattern .		0	20%	4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname localhost
always_direct allow all
hosts_file /etc/hosts
coredump_dir /var/spool/squid
I would think that a simple rule such as:
sudo iptables -A PREROUTING -t nat -p tcp –dport 80 -j REDIRECT –to-port 3128
Would do the trick ...
It does not work as expected.

Any thoughts?

Thanks for reading!


UPDATE: I gave up on IPTABLES and installed the firehol package. It works and that is good. Here is my firehol.conf for those also struggling with this:

version 5
transparent_squid 3128 "proxy root" inface eth0
# Accept all client traffic on any interface
interface "eth0" Internet
         protection strong
        server "ssh" accept
        client all accept
PS: I am still curious as to how one would get the same results with vanilla IPTABLES.

Last edited by bubnoff; 06-30-2009 at 06:31 PM. Reason: Update for those still curious.
Old 06-30-2009, 07:48 PM   #2
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Hi, welcome to LQ!

PS: I am still curious as to how one would get the same results with vanilla IPTABLES.
Just look at the iptables rules firhol has generated for you ... it's not
like it's a firewalling solution in its own right - it's a iptables front-end.


Last edited by Tinkster; 06-30-2009 at 07:49 PM.
Old 07-02-2009, 03:45 PM   #3
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Thank you and ...

Thanks for your response, I'll give that a shot.

For the small task of routing traffic through a locally hosted proxy
it seems clumsy to install fireHOL rather than just type one or two
IPTABLES rules. It seems like that's what everyone is doing for DansGuardian and squidGuard though.

Anyway ...thanks for the response.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
transparent squid missamoune Linux - Server 2 08-10-2008 07:58 PM
Squid transparent proxy with iptables cksoo Linux - Server 5 06-12-2008 04:53 AM
IPTABLES for squid (Transparent proxy) kool_kid Linux - Networking 14 10-29-2007 11:45 AM
IPTABLES, SQUID, DANSGUARDIAN and Transparent Proxy metallica1973 Linux - Networking 18 09-03-2007 08:17 PM
Squid and iptables---transparent proxying Woodsman Slackware 9 09-30-2006 03:49 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration