Adrian,
On Feb 8, 2008 5:08 PM, Adrian Chadd <adrian@creative.net.au> wrote:
> It shouldn't be this difficult. I mean, I set up
> transparent proxies in a matter of minutes
> these days.
>
> Yes, transparent proxying support needs to be
> compiled in for your architecture.
>
> So. To make this quick and painless:
>
> * which os
> * squid version 3.0, ok
> * squid config, sans comments
> * ip firewalling/redirection rules.
I'll try any distro, it's a greenfield machine.
I started on Ubuntu, worked through Slackware, among others and am now
back with Ubuntu 7.10 Server.
The first thing I did was set up the DHCP server.
Then I downloaded Squid3.0.STABLE1, extracted, ran
'./configure --prefix=/usr/local/squid'
'make all'
'make install'
I set up my squid.conf according to the 'QUICKSTART', set up iptables
according to this script:
(script from http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html)
======================
#!/bin/sh
SQUID_SERVER="192.168.60.254"
INTERNET="eth0"
LAN_IN="eth1"
SQUID_PORT="3128"
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load connection tracking modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Default policies: drop inbound, allow outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow replies to established connections on the Internet side
iptables -A INPUT -i $INTERNET -m state \
--state ESTABLISHED,RELATED -j ACCEPT
# Masquerade traffic leaving via the Internet interface
iptables --table nat --append POSTROUTING \
--out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface \
$LAN_IN -j ACCEPT
# Allow all traffic to and from the LAN interface
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Send port 80 traffic arriving from the LAN to Squid
iptables -t nat -A PREROUTING -i $LAN_IN \
-p tcp --dport 80 -j DNAT --to \
$SQUID_SERVER:$SQUID_PORT
# Redirect port 80 traffic arriving on the Internet interface to the Squid port
iptables -t nat -A PREROUTING -i $INTERNET \
-p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# Log, then drop, everything else inbound
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
======================
At this point Squid worked, but it hacked off the Domain part of the
URL and was unable to resolve the directory/htmlfilename part of the
URL.
I tried everything I could think of to get it to work, without success.
In the end I wiped the Hard Drive (I must've reformatted this machine
twenty or thirty times over the last 5 weeks) and started again from
scratch using these instructions:
http://kuscsik.blogspot.com/2008/01/transparent-proxy-with-squid-3-on.html
This is where I am at the moment.
Received on Fri Feb 08 2008 - 09:57:02 MST