more fun with squid

more fun with squid

[Patrick Ahler]

Ok, I got squid working great behind my firewall even set it up so IE would
autodetect it. What I would rather do though is have netfilter/the firewall
server(192.168.1.a) forward any http packets from my network 192.168.1.0 to
the proxy server on 192.168.1.b and then out to the internet through the
firewall(192.168.1.a). That way the proxy would be transparent to the users'
browsers and no autodetection would be required. Not sure how to setup these
rules, or if this is even the most efficient way of accomplishing the task.
Also, I don't know if it makes a difference... but the firewall runs NAT
tables.

So, in other words, this is what I'd like to do...
(user)192.168.1.c --->(firewall)192.168.1.a--->(squid/proxy)192.168.1.b--->(
firewall)192.168.1.a

Thanks in advance,
-Patrick

RE: more fun with squid

[Aldo Lagana]

 Google for Transparent Proxying with Squid....there are tons of writeups
and that is what you want...there is only one iptables rule required but
there are a few configs for squid in squid.conf


> 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org 
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of 
> Patrick Ahler
> Sent: Friday, May 09, 2003 3:49 PM
> To: netfilter EMAIL
> 
> Ok, I got squid working great behind my firewall even set it 
> up so IE would autodetect it. What I would rather do though 
> is have netfilter/the firewall
> server(192.168.1.a) forward any http packets from my network 
> 192.168.1.0 to the proxy server on 192.168.1.b and then out 
> to the internet through the firewall(192.168.1.a). That way 
> the proxy would be transparent to the users'
> browsers and no autodetection would be required. Not sure how 
> to setup these rules, or if this is even the most efficient 
> way of accomplishing the task.
> Also, I don't know if it makes a difference... but the 
> firewall runs NAT tables.
> 
> So, in other words, this is what I'd like to do...
> (user)192.168.1.c 
> --->(firewall)192.168.1.a--->(squid/proxy)192.168.1.b--->(
> firewall)192.168.1.a
> 
> Thanks in advance,
> -Patrick
> 
> 
> 

Re: more fun with squid

[Ray Leach]

[-- Attachment #1: Type: text/plain, Size: 1362 bytes --]

Hi

To set squid up as a transparent proxy (obviously read the HowTo for
this), and basically there are 4 directives to change in the config
file:

httpd_accel_uses_host_header on
httpd_accel_port 80
httpd_accel_host virtual
... umm the last only is something like httpd_accel_proxy....something

Then you have to get netfilter to redirect packets to squid:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to
1.2.3.4:3128




On Fri, 2003-05-09 at 21:49, Patrick Ahler wrote:
> Ok, I got squid working great behind my firewall even set it up so IE would
> autodetect it. What I would rather do though is have netfilter/the firewall
> server(192.168.1.a) forward any http packets from my network 192.168.1.0 to
> the proxy server on 192.168.1.b and then out to the internet through the
> firewall(192.168.1.a). That way the proxy would be transparent to the users'
> browsers and no autodetection would be required. Not sure how to setup these
> rules, or if this is even the most efficient way of accomplishing the task.
> Also, I don't know if it makes a difference... but the firewall runs NAT
> tables.
> 
> So, in other words, this is what I'd like to do...
> (user)192.168.1.c --->(firewall)192.168.1.a--->(squid/proxy)192.168.1.b--->(
> firewall)192.168.1.a
> 
> Thanks in advance,
> -Patrick
> 
> 
> 

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]