  1. #1
    Just Joined!
    Join Date
    Dec 2010
    Posts
    16

    configure squid in transparent mode


    Hi
    I am trying to configure squid in transparent mode. I am using squid 3.
    I configured squid.conf file as follows:
    ""grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
    acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    acl lan src 192.168.0.0/24
    http_reply_access allow all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    http_port 192.168.0.1:4880 transparent
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    visible_hostname up.local.unitedprotech.com
    icp_port 3130
    always_direct allow all
    coredump_dir /var/spool/squid""
    In iptables I gave port forwarding as follows:
    ""iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:4880
    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 4880""
    eth0 = Internet
    eth1 = Internal computers.

    When I access from another system it's not working. I tried changing the proxy settings in Firefox and it worked. But in transparent mode it's not working.

    Are there any problems with the above config and forward rules?

    Thanks and Regards
    Suresh

  2. #2
    Just Joined!
    Join Date
    Dec 2010
    Posts
    3

    hey

    Hey....

    I have not checked your config, but in theory, if you can access the internet through squid when you configure your browser, then the squid settings should be fine.

    The problem should be in the iptables. Personally I don't like to manage iptables directly. There are so many other options to manage iptables. My favorite is shorewall. I would recommend using shorewall and doing the forwarding in shorewall. It's very easy to configure.

    From,

    EliteCommander

  3. #3
    Just Joined!
    Join Date
    Dec 2010
    Posts
    16
    Hi
    Thanks. I installed shorewall. When I start the shorewall service my internet drops.
    Can you help me? And also tell me how to redirect a port in shorewall.

    Thanks and Regards
    Suresh

  5. #4
    Just Joined!
    Join Date
    Dec 2010
    Posts
    3

    Hey

    Hey,

    It seems you have two network cards, which is important when setting up your shorewall config.

    I found a good howto that deals with iptables

    https :// help.ubuntu. com/community/IptablesHowTo

    If you stick to iptables then that's fine; if not, then you should flush the rules and then save iptables. I found two useful links:

    http :// shorewall. net/shorewall_quickstart_guide.htm
    http :// debianhelp. co.uk/shorewall.htm

    Sorry but I am not allowed to post urls yet

    From

    EliteCommander

  6. #5
    Just Joined!
    Join Date
    Dec 2010
    Location
    VietNam
    Posts
    11
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl abc src "ip/subnet"
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT
    acl src "ip/subnet"
    acl Web dstdomain adminpv.abc.vn
    acl deny_URL url_regex test.bcd.vn/editor
    acl ManagementLAN src "ip/subnet"
    acl Access_Websites url_regex -i "domain"
    acl capnhat_TDKT url_regex tdkt2.abc.vn
    acl edit_samiweb url_regex "abc.vn/editor"
    http_access allow ManagementLAN
    http_access deny deny_URL
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny UBND_LAN edit_samiweb
    http_access allow Access_Websites
    http_access deny all


    Do check and configure "ip/subnet" and "domain". With this "squid.conf", it works OK for me.

  7. #6
    Just Joined!
    Join Date
    Dec 2010
    Posts
    16
    Hi
    I tried changing that.
    ""acl localnet src 192.168.0.0/24
    acl Web dstdomain domain.com""
    Regards
    Suresh

  8. #7
    Just Joined!
    Join Date
    Dec 2010
    Location
    VietNam
    Posts
    11
    "acl Web dstdomain domain.com" is not important.
    Can you send me the error message that you get?

  9. #8
    Just Joined!
    Join Date
    Dec 2010
    Posts
    16
    When I restart squid I am getting this warning. Manually it's working after changing the browser settings. I need to make it transparent.
    ""Stopping squid: ................ [ OK ]
    2010/12/22 06:42:20| Processing Configuration File: /etc/squid/squid.conf (depth 0)
    2010/12/22 06:42:20| Starting Authentication on port 0.0.0.0:4115
    2010/12/22 06:42:20| Disabling Authentication on port 0.0.0.0:4115 (interception enabled)
    2010/12/22 06:42:20| Initializing https proxy context
    Starting squid: . Ok""

    Thanks
    Suresh
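
A consistency check over the settings posted in this thread, added here as an example and not code from any poster: it compares the intercepting http_port in squid.conf with the inbound interface and target port of each NAT PREROUTING rule, and with the port Squid reports in its restart log. The function names and the `lan_if` parameter are this example's own; the three inputs are copied from posts #1 and #8, which may reflect the configuration at different times.

```python
import re
import shlex

# Inputs copied from the posts above (squid.conf excerpt, NAT rules, restart log line).
SQUID_CONF = "http_access allow localnet\nhttp_port 192.168.0.1:4880 transparent\n"
NAT_RULES = """\
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:4880
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 4880
"""
RESTART_LOG = "2010/12/22 06:42:20| Disabling Authentication on port 0.0.0.0:4115 (interception enabled)"

def intercept_ports(conf):
    """Return the ports of http_port lines that carry transparent/intercept."""
    ports = set()
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 3 and tok[0] == "http_port" and {"transparent", "intercept"} & set(tok[2:]):
            ports.add(int(tok[1].rsplit(":", 1)[-1]))
    return ports

def nat_rules(text):
    """Yield (in_iface, target_port) for each PREROUTING DNAT/REDIRECT rule."""
    for line in text.splitlines():
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        port = (opt.get("--to-destination") or opt.get("--to-ports") or "").rsplit(":", 1)[-1]
        if opt.get("-A") == "PREROUTING" and port.isdigit():
            yield opt.get("-i"), int(port)

def audit(conf, rules, lan_if, log=""):
    """List mismatches between Squid's intercept port, the NAT rules and the log."""
    ports, findings, lan_ok = intercept_ports(conf), [], False
    for iface, tport in nat_rules(rules):
        if iface != lan_if:
            findings.append(f"rule on {iface} matches traffic arriving on {iface}, not LAN clients on {lan_if}")
        if tport not in ports:
            findings.append(f"rule on {iface} targets port {tport}, not an intercepting http_port")
        lan_ok = lan_ok or (iface == lan_if and tport in ports)
    if not lan_ok:
        findings.append(f"no rule sends {lan_if} traffic to an intercepting http_port")
    m = re.search(r"port \S+:(\d+) \(interception enabled\)", log)
    if m and int(m.group(1)) not in ports:
        findings.append(f"log shows interception on port {m.group(1)}, squid.conf has {sorted(ports)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SQUID_CONF, NAT_RULES, "eth1", RESTART_LOG):
        print("-", finding)
```

On the posted values it reports two items: the REDIRECT rule is bound to eth0, and the restart log shows interception on port 4115 while the posted squid.conf and both NAT rules use 4880.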

  10. #9
    Just Joined!
    Join Date
    Dec 2010
    Posts
    16
    If this didn't work I need to go for an open proxy by changing the browser settings.
    If I change it in the browser, my users' email is not working in Outlook.
    We use pop3 and smtp on 110 and 25. I get an error like "cannot connect to pop3".
    Thanks
    Suresh

  11. #10
    Just Joined!
    Join Date
    Dec 2010
    Location
    VietNam
    Posts
    11
    Outlook error,
    and is your webmail OK?
    If both give errors, you must check "iptables".
