Re: [squid-users] transparent proxy help

From: Robert Vangel <vangelr@dont-contact.us>
Date: Mon, 30 May 2005 17:50:23 +0800

Henry wrote:
> $router /firewall/gateway = openbsd + PF
> $squidserver = freebsd
> and $desktops....
>
> I had squid installed on my $router for the time being and got a much
> faster machine for my $squidserver... I pretty much copied my
> squid.conf to the new server with some editing to match addresses... I
> setup the necessary routing and firewall rules I'm sure because... I
> can do direct proxying if I specify the proxy server on a machine, this
> works. But it will be tedious to upgrade all desktops to do this and
> not to mention complaints if someone tampers with it or why this needs
> to be done or new machines being added...
>
> Anyway... I can't however do transparent proxy because I -think- squid
> just doesn't want to work for whatever reason which I'm trying to
> figure out...
> Doing some diagnostic work I can see a $desktop connecting to $router
> which redirects it to $squidserver port 3128 and on $squidserver I can
> see $desktop connecting... but I don't see $squidserver connecting to
> www to access the site nor does access.log show anything.
>
> But of course I can direct proxy and telnet to squidserver on port 3128
> and it shows up on access.log....
>
> In squid.conf I've set...
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> Is there something else I missed? Nothing shows up in the squid logs
> when i -try- to transparent proxy...
>

On the $router make sure you are proxying requests to port 80 *except*
when they are coming from $squidserver

I don't know pf commands, but on iptables (sorry) it would be something
like..

iptables -t nat -A PREROUTING -i eth0 -s ! $squidserver -p tcp \
        --dport 80 -j DNAT --to $squidserver:3128

Where eth0 is your LAN interface.

Received on Mon May 30 2005 - 03:50:28 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT