From: ken scott <kscott9@triad.rr.com>
To: netfilter@lists.netfilter.org
Subject: Transparent proxy single machine question
Date: Sat, 26 Jun 2004 17:14:54 -0400
Message-ID: <40DDE74E.2000103@triad.rr.com>

I am trying to build a single machine that performs web filtering 
(using DansGuardian) for several users.
The box (Morphix/Debian system) will be behind a cable router and has 
five users (kids).
I have Dansguardian and Squid running correctly in normal proxy mode.
The next step is to make the proxy transparent
so that users cannot bypass the Dansguardian/squid path simply by telling 
their browser to connect directly.
I have looked around and see instructions on this at several places 
(mostly for non-single machine implementations)
and know I need a line something like:

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8181

       where 8181 is where Dansguardian is listening.

I also need to configure squid with (I think):

 http_port 3128     # where squid is listening
 httpd_accel_host virtual
 httpd_accel_port 80
 httpd_accel_with_proxy  on
 httpd_accel_uses_host_header on
 httpd_accel_single_host off

The question is, on a single machine, will this work?
The part I can't figure out pertains to when squid finally wants to send out the actual
request to the internet, isn't that a port 80 request that the above iptables rule will 
redirect back to Dansguardian?
Please reply all as I am not quite sure that I have joined the list correctly.
Thanks in advance
Ken S.


                




 http_port 3128
 httpd_accel_host virtual
 httpd_accel_port 80
 httpd_accel_with_proxy  on
 httpd_accel_uses_host_header on

Squid 2.4 needs an /additional/ line added:

 httpd_accel_single_host off
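
The loop the message asks about, worked through as an added example (not part of the original message or of any reply in the thread): locally generated packets traverse the nat OUTPUT chain, not PREROUTING, so on a single machine the redirect belongs in OUTPUT with an owner-match exemption for Squid's own requests. The account name `proxy` for Squid and the helper names `gen_rules` and `verdict_for` are assumptions; 8181 is the DansGuardian port from the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: Squid runs under its own account (here "proxy").

# Print the nat rules for a box where browsers, DansGuardian and Squid all
# run locally. Nothing is applied; review the output, then pipe it to "sh"
# as root to install the rules.
gen_rules() {
    squid_user=$1 dg_port=$2
    # Squid's outbound port-80 requests must leave untouched, otherwise they
    # would be redirected back into DansGuardian. First match wins, so this
    # exemption has to come before the REDIRECT.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $squid_user -j ACCEPT"
    # Every other local user's direct port-80 connection goes to DansGuardian.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $dg_port"
    # The PREROUTING rule from the message only sees packets arriving from
    # other hosts; it never matches traffic generated on this box.
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $dg_port"
}

# Walk the generated OUTPUT rules in order and report the first target that
# would match a port-80 connection opened by local user $1.
verdict_for() {
    user=$1; shift
    gen_rules "$@" | {
        hit=
        while read -r line; do
            [ -n "$hit" ] && continue          # already decided, drain input
            case $line in
                *"-A OUTPUT"*"--uid-owner $user "*) hit=${line##*-j } ;;
                *"-A OUTPUT"*"--uid-owner"*) ;;   # owner rule for another user
                *"-A OUTPUT"*) hit=${line##*-j } ;;
            esac
        done
        echo "$hit"
    }
}

gen_rules proxy 8181
echo "# squid (proxy): $(verdict_for proxy proxy 8181)"
echo "# browser user (kid1, constructed name): $(verdict_for kid1 proxy 8181)"
```
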
                





