Re: [squid-users] Urgent: help on TCP_DENIED/400

From: Navneet Choudhary <navneetkc@dont-contact.us>
Date: Sat, 16 Apr 2005 15:13:36 +0530

>On 4/15/05, tony vong <tonyvong2002@yahoo.com> wrote:
> Yes. I try to set up a transparent proxy. I did not
> configure any proxy on my web broswer client, if
> that's what you are asking. What do I have to do to
> get this work ?

Read http://tldp.org/HOWTO/TransparentProxy.html

For impatient :-

Now, we need to edit the default squid.conf file (installed to
/usr/local/squid/etc/squid.conf, unless you changed the defaults). The
squid.conf file is heavily commented. In fact, some of the best
documentation available for squid is in the squid.conf file. After you
get it all up and running, you should go back and reread the whole
thing. But for now, let's just get the minimum required. Find the
following directives, uncomment them, and change them to the
appropriate values:

    * httpd_accel_host virtual
    * httpd_accel_port 80
    * httpd_accel_with_proxy on
    * httpd_accel_uses_host_header on

To set up the rules, you will need to know two things, the interface
that the to-be-proxied requests are coming in on (I'll use eth0 as an
example) and the port squid is running on (I'll use the default of
3128 as an example).

Now, the magic words for transparent proxying:

    * iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-port 3128

Eable IP forwarding

# echo '1' > /proc/sys/net/ipv4/ip_forward
add above line in rc.local.

NOTE: Applicable only to a sucessfully running squid installation.

NOTICE: Above text copied from tldp.org

Rgds,
navneet

> --- Henrik Nordstrom <hno@squid-cache.org> wrote:
> >
> >
> > On Thu, 14 Apr 2005, tony vong wrote:
> >
> > >
> > > my machine ---- squid box ---- internet
> > >
> > > I install SQUID on a linux box. I cannot seem to
> > be
> > > able to get through the squid box. It seems it
> > > replaces all the URL's with '/' !!! How do I fix
> > this
> > > ?
> >
> > Are you attempting to set up a transparently
> > intercepting proxy, hijacking
> > the browsers attempts to talk to port 80 on the
> > Internet?
> >
> > If so see the Squid FAQ for required configuration
> > details.
> >
> > Regards
> > Henrik
> >
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
>
Received on Sat Apr 16 2005 - 03:43:37 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT