LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-16-2010, 08:23 PM   #1
prixone
Member
 
Registered: Jul 2007
Posts: 35

Rep: Reputation: 15
SQUID 2.7.x and 3.1.x won't work as transparent proxy ?


Hi,

i have installed and tried both squid version as transparent proxy but they just don't work.

i have eth0 which is where my internet comes in and eth1 which is my local network 192.168.1.0/255.255.255.0.

My default firewall policy is to drop input output and forward, i have already set my firewall to accept and workout the squid and it is working.

Here is the relevant rules i have on my firewall:
Code:
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -i eth1 -p tcp --dport 3128 -m conntrack --ctstate NEW -j ACCEPT
#$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.254:3128
$IPT -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -j REDIRECT --to-port 3128
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Here is the sample conf i am using for squid:
Code:
http_port 3128 transparent
#https_port 3129 transparent ssl-bump cert=/etc/squid/cert/server.crt key=/etc/squid/cert/server.key

hierarchy_stoplist cgi-bin ?

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

always_direct allow all
When using version 2.7.x i was able to make it transparent when i used the below rules:
Code:
#via off
#forwarded_for off
#header_access From deny all
#header_access Server deny all
#header_access WWW-Authenticate deny all
#header_access Link deny all
#header_access Cache-Control deny all
#header_access Proxy-Connection deny all
#header_access X-Cache deny all
#header_access X-Cache-Lookup deny all
#header_access Via deny all
#header_access Forwarded-For deny all
#header_access X-Forwarded-For deny all
#header_access Pragma deny all
#header_access Keep-Alive deny all
I readed the Docs on the squid page but the above rules can't be reproduced to 3.1 and i don't wish to use such rules to make it transparent or hidden so i want some help to figure out why it inst transparent.

if you need any extra information let me know, appreciate any help.

Best regards.

Last edited by prixone; 10-17-2010 at 07:35 AM.
 
Old 10-17-2010, 02:02 AM   #2
mah454
Member
 
Registered: Oct 2009
Location: Iran
Distribution: Debian , Ubuntu , RHEL , CentOS , NetBill
Posts: 134

Rep: Reputation: 15
Hello
change this rule :
Code:
$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.254:3128
to
Code:
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to 3128
now , brows some website and check you cache with this command :
Code:
tail -f /var/log/squid/access.log
 
Old 10-17-2010, 07:33 AM   #3
prixone
Member
 
Registered: Jul 2007
Posts: 35

Original Poster
Rep: Reputation: 15
Thanks for the reply but it is not a firewall issue i already tried that rule.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Transparent Proxy SBN Linux - Server 6 07-11-2007 03:54 AM
Squid as a transparent proxy kemplej Linux - Software 2 12-08-2004 05:00 PM
Squid Transparent Proxy 1jamie Linux - Security 7 09-26-2003 06:09 AM
Squid with Transparent Proxy MarleyGPN Linux - Networking 1 08-28-2003 02:51 PM
squid transparent proxy...... hitesh_linux Linux - Networking 1 06-13-2003 03:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration