  1. #1

    configure squid in transparent mode

    I am trying to configure squid in transparent mode. I am using squid 3.
    I configured squid.conf file as follows:
    ""grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
    acl manager proto cache_object
    acl localhost src
    acl to_localhost dst
    acl localnet src # RFC1918 possible internal network
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    acl lan src
    http_reply_access allow all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    http_port transparent
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    icp_port 3130
    always_direct allow all
    coredump_dir /var/spool/squid""
    In iptables I gave port forwarding as follows:
    ""iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination
    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 4880""
    eth0 = Internet
    eth1 = Internal computers.

    When I access from another system it's not working. I tried changing the proxy settings in Firefox, and it worked. But in transparent mode it's not working.

    Are there any problems with the above config and forward rules?

    Thanks and Regards

  2. #2



    I have not checked your config, but in theory, if you can access the internet through squid when you configure your browser, then the squid settings should be fine.

    The problem should be in iptables. Personally I don't like to manage iptables directly. There are so many other options to manage iptables. My favorite is shorewall. I would recommend using shorewall and doing the forwarding in shorewall. It's very easy to configure.
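A consistency check for the interception setup discussed in this thread, added here as an example and not posted by any participant: it compares the port-80 REDIRECT rule with the LAN interface and with the squid `http_port` line that carries `transparent` (named `intercept` from Squid 3.1). The function names and the `http_port 4880` value are assumptions; the thread elides the real `http_port` value.

```python
import shlex

def intercept_port(squid_conf):
    """Port of the first http_port line flagged transparent/intercept, else None."""
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if (len(fields) >= 3 and fields[0] == "http_port"
                and {"transparent", "intercept"} & set(fields[2:])):
            return int(fields[1].rsplit(":", 1)[-1])  # "port" or "ip:port"
    return None

def parse_rule(rule):
    """Extract the fields relevant to interception from one iptables command."""
    tok = shlex.split(rule)
    def opt(flag):
        return tok[tok.index(flag) + 1] if flag in tok[:-1] else None
    return {"table": opt("-t"), "chain": opt("-A"), "iface": opt("-i"),
            "dport": opt("--dport"), "target": opt("-j"),
            "to_ports": opt("--to-ports")}

def audit(rules, squid_conf, lan_iface):
    """Return a list of mismatches between the NAT rules and squid's listener."""
    port = intercept_port(squid_conf)
    findings = []
    if port is None:
        findings.append("squid.conf has no http_port with transparent/intercept")
    redirects = [r for r in map(parse_rule, rules)
                 if r["table"] == "nat" and r["chain"] == "PREROUTING"
                 and r["target"] == "REDIRECT" and r["dport"] == "80"]
    # A rule without -i matches packets arriving on every interface.
    if not any(r["iface"] in (lan_iface, None) for r in redirects):
        findings.append(f"no port-80 REDIRECT covers LAN interface {lan_iface}")
    for r in redirects:
        if r["iface"] not in (lan_iface, None):
            findings.append(f"REDIRECT on {r['iface']} misses traffic from {lan_iface}")
        if port is not None and r["to_ports"] != str(port):
            findings.append(f"REDIRECT to {r['to_ports']} but squid intercepts on {port}")
    return findings

# Constructed: the thread elides the http_port value, so 4880 is assumed here.
SQUID_CONF = "http_port 4880 transparent\n"
# REDIRECT rule as posted in the thread (eth0 = Internet, eth1 = internal).
POSTED = ["iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 "
          "-j REDIRECT --to-ports 4880"]
# Constructed variant of the same rule on the internal interface.
LAN_RULE = [POSTED[0].replace("-i eth0", "-i eth1")]

if __name__ == "__main__":
    print(audit(POSTED, SQUID_CONF, "eth1"), audit(LAN_RULE, SQUID_CONF, "eth1"))
```

An empty list means the REDIRECT rule and the squid listener agree; each string names one mismatch to fix before testing from a client on the internal network.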



  3. #3
    Thanks. I installed shorewall. When I start the shorewall service my internet drops.
    Can you help me? And also tell me how to redirect a port in shorewall.

    Thanks and Regards

  5. #4



    It seems you have two network cards, which is important when setting up your shorewall config.

    I found a good howto that deals with iptables

    https :// help.ubuntu. com/community/IptablesHowTo

    If you stick to iptables then that's fine; if not, then you should flush the rules and then save iptables. I found two useful links:

    http :// shorewall. net/shorewall_quickstart_guide.htm
    http :// debianhelp.

    Sorry but I am not allowed to post urls yet



  6. #5
    Just Joined!
    Join Date
    Dec 2010
    acl all src
    acl manager proto cache_object
    acl abc src "ip/subnet"
    acl localhost src
    acl to_localhost dst
    acl SSL_ports port 443 563
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT
    acl src "ip/subnet"
    acl Web dstdomain
    acl deny_URL url_regex
    acl ManagementLAN src "ip/subnet"
    acl Access_Websites url_regex -i "domain"
    acl capnhat_TDKT url_regex
    acl edit_samiweb url_regex ""
    http_access allow ManagementLAN
    http_access deny deny_URL
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny UBND_LAN edit_samiweb
    http_access allow Access_Websites
    http_access deny all

    Do check and configure "ip/subnet" and "domain"; with this "squid.conf", it works OK for me.

  7. #6
    I tried changing that.
    ""acl localnet src
    acl Web dstdomain""

  8. #7
    "acl Web dstdomain" is not important.
    Can you send me the error message that you get?

  9. #8
    When I restart squid I am getting this warning. Manually it's working after changing it in the browser. I need to make it transparent.
    ""Stopping squid: ................ [ OK ]
    2010/12/22 06:42:20| Processing Configuration File: /etc/squid/squid.conf (depth 0)
    2010/12/22 06:42:20| Starting Authentication on port
    2010/12/22 06:42:20| Disabling Authentication on port (interception enabled)
    2010/12/22 06:42:20| Initializing https proxy context
    Starting squid: . Ok""


  10. #9
    If this didn't work I need to go for an open proxy by changing it in the browser.
    If I change it in the browser, my users' email is not working in Outlook.
    We use pop3 and smtp on 110 and 25. I get an error like "cannot connect to pop3".

  11. #10
    Outlook has an error,
    and is your webmail OK?
    If both have errors, you must check "iptables".
