LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Squid as Transparent Proxy Server
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-30-2010, 08:06 PM   #1
sudhirmhrj
LQ Newbie
 
Registered: Feb 2010
Location: Earth
Distribution: Centos, Redhat ENT
Posts: 23

Rep: Reputation: 0
Squid as Transparent Proxy Server

Hi to everyone.

I am trying to install Squid 2.6 as Transparent proxy server.
Can anyone provide the step by step configuration details


thank you
BGRDS
 
Old 06-30-2010, 08:21 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Hi, I have found the squid tutorials here useful,

http://www.linuxhomenetworking.com/w...ess_with_Squid

Also check out the links from this page to ensure you have portforwarding and iptables setup to work with squid.

(cross reference here...)
http://wiki.squid-cache.org/ConfigExamples/
http://www.squid-cache.org/Doc/config/
http://www.visolve.com/squid/
http://www.squid-cache.org/

Another tute...
http://www.visolve.com/squid/Squid_tutorial.php
http://www.deckle.co.za/squid-users-guide/


Cheers, Glenn
Last edited by GlennsPref; 06-30-2010 at 08:24 PM. Reason: more links
 
Old 06-30-2010, 09:46 PM   #3
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Hi, since that above post, I came across this page, quite good, and easy to use...

http://www.cyberciti.biz/tips/linux-...uid-howto.html

cheers, Glenn
 
Old 06-30-2010, 10:32 PM   #4
sudhirmhrj
LQ Newbie
 
Registered: Feb 2010
Location: Earth
Distribution: Centos, Redhat ENT
Posts: 23

Original Poster
Rep: Reputation: 0
Thank you GlennsPref for your post. but according to squid-cache

/*
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
*/

are not used in squid 2.6 or later version.

So how can we setup squid as transparent proxy server...
 
Old 06-30-2010, 11:09 PM   #5
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Post :3128 transparent
find this line and add the info...
/etc/squid.conf...
http_port...
Code:
http_port 192.168.0.2:3128 transparent
use lines like this at the end of your firewall script.

Code:
#
## --- NAT --- ##
#

	# Enable masquerade

	$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -j MASQUERADE

#
## -- Transparent proxy to Squid --- ##
#
# Squid transparent proxy
	$IPTABLES -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
	$IPTABLES -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
	$IPTABLES -A PREROUTING -t nat -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
	$IPTABLES -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-port 3128
set port forwarding in /etc/sysctl.conf
Code:
net.ipv4.conf.all.forwarding = 1
There are a lot of setting that may be applied to the kernel from here.

restart the firewall and squid server, to see the effects...

Cheers, and regards Glenn
 
Old 06-30-2010, 11:13 PM   #6
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
check the log,

Code:
locate access.log | grep squid
/var/log/squid/access.log
/var/log/squid/access.log.1
/var/log/squid/access.log.2.gz
then...
Code:
sudo tail -f /var/log/squid/access.log
 
Old 06-30-2010, 11:25 PM   #7
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
In newer versions of squid,
Quote:
/*
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
*/
http_access, squid is supposed to be for a lan,
this is default and does not need to be stated in .conf. Is built-in!

acl lan src, lan source ip, same as above.

httpd_accel, default and does not need to be stated in .conf. Is built-in!

regards Glenn.
 
Old 07-01-2010, 08:34 AM   #8
sudhirmhrj
LQ Newbie
 
Registered: Feb 2010
Location: Earth
Distribution: Centos, Redhat ENT
Posts: 23

Original Poster
Rep: Reputation: 0
Thank you for your support

Now I want to configure squid to block facebook and some social sites with squid.

But i want to allow using facebook to few hosts. how do i do that

like i want to block facebook from 192.168.0.2 - 192.168.0.200
and want to allow facebook from 192.168.0.201-192.168.0.254

Thanks
BGRDS
 
Old 07-01-2010, 09:13 AM   #9
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Smile squid-for-blocking-IM
A quick google search reveals...

Block MSN Messenger with Squid
http://blogs.techrepublic.com.com/networking/?p=308

squid-for-blocking-yahoo-and-msn
http://www.linuxquestions.org/questi...4/#post3075722

some people say snort http://freshmeat.net/projects/snort/
can be configured to do this job, I've never heard of it, nor do I need to block instant messengers like msn icq, etc.

cheers, Glenn
Last edited by GlennsPref; 07-01-2010 at 09:18 AM. Reason: snort
 
  


Reply

Tags
squidconf



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Setting up ubuntu 10.04 (Lucid) server with squid 3 as a Transparent Proxy LXer Syndicated Linux News 0 06-22-2010 07:11 PM
squid proxy server and transparent issue kwaslee Linux - Server 1 04-13-2010 04:00 AM
Forcing http request through Squid Proxy Server(Transparent proxying) ochienged Linux - Server 5 06-02-2009 10:54 AM
Ubuntu, Squid Transparent Proxy server is not working pocs Linux - Networking 6 10-31-2007 10:42 AM
transparent squid proxy server alvi2 Linux - Networking 4 02-24-2005 01:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:11 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration