[squid-users] Transparent proxy working but caching is not

From: Brian Schonecker <Brian.Schonecker@dont-contact.us>
Date: Fri, 12 Aug 2005 14:07:32 -0400

I've got a squid cache server running on my firewall and I have transparent proxying working.

I've got all my clients set up _without_ an entry in the proxy server and I have an iptables PREROUTING rule set up to force forwarded HTTP requests to port 8080 on my firewall/gateway/squid server. That works just fine.

Squid, however, doesn't seem to cache any data...specifically Microsoft updates. I've got about 200 PCs going through this server and the requests to the MS update site are saturating my gateway to the internet.

If I force the clients to use the proxy via Tools, Internet Options, etc., then caching DOES occur. However, I have so many mobile users that setting the proxy manually in IE isn't feasible (because that setting won't be valid when they leave my company).

Should I even expect transparent proxying to behave in the way that I want?

Thanks, Brian

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

/etc/squid/squid.conf:

acl BLOCK url_regex "/usr/local/squid/block.acl"
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl SSL_ports port 443 563
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl unknown src 192.168.209.0/255.255.255.0
cache_dir ufs /usr/local/squid 1000 16 256
hierarchy_stoplist cgi-bin ?
http_access allow localhost
http_access allow manager localhost
http_access allow shop
http_access allow unknown
http_access allow upstairs
http_access allow wireless
http_access allow xtek
http_access deny !Safe_ports
http_access deny BLOCK
http_access deny CONNECT !SSL_ports
http_access deny all
http_access deny manager
http_port 192.168.202.254:8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
icp_access allow all
log_fqdn on
maximum_object_size 60240 KB
mime_table /usr/share/squid/mime.conf
no_cache deny QUERY
Received on Fri Aug 12 2005 - 12:07:59 MDT
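
One way to confirm whether intercepted requests are being served from cache is to tally the result codes in Squid's access.log per destination host. This is an added example, not part of the original message; it assumes Squid's native access.log layout, and the log lines, hostnames and upstream addresses are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1123870052.101 412 192.168.209.17 TCP_MISS/200 524288 GET http://updates.example.com/p/a.cab - DIRECT/203.0.113.10 application/octet-stream
1123870060.514 398 192.168.209.23 TCP_MISS/200 524288 GET http://updates.example.com/p/a.cab - DIRECT/203.0.113.10 application/octet-stream
1123870071.009 3 192.168.209.23 TCP_HIT/200 10240 GET http://intranet.example.com/logo.png - NONE/- image/png
1123870075.200 1 192.168.209.40 TCP_DENIED/403 1420 GET http://blocked.example.com/ - NONE/- text/html
truncated line
"""


def summarize(lines):
    """Tally cache hits, misses and bytes per destination host."""
    stats = defaultdict(lambda: {"hit": 0, "miss": 0, "other": 0,
                                 "hit_bytes": 0, "bytes": 0})
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or not fields[4].isdigit():
            continue  # skip truncated or malformed entries
        result = fields[3].split("/", 1)[0]      # TCP_MISS from TCP_MISS/200
        size = int(fields[4])
        host = urlsplit(fields[6]).hostname or fields[6]
        entry = stats[host]
        entry["bytes"] += size
        if "HIT" in result:                      # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT
            entry["hit"] += 1
            entry["hit_bytes"] += size
        elif "MISS" in result:                   # TCP_MISS, TCP_REFRESH_MISS
            entry["miss"] += 1
        else:                                    # TCP_DENIED and similar
            entry["other"] += 1
    return dict(stats)


def byte_hit_ratio(entry):
    """Fraction of a host's bytes that came from cache (0.0 if no traffic)."""
    return entry["hit_bytes"] / entry["bytes"] if entry["bytes"] else 0.0


if __name__ == "__main__":
    for host, e in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{host:28} hit={e['hit']} miss={e['miss']} other={e['other']} "
              f"byte_hit_ratio={byte_hit_ratio(e):.2f}")
```

`summarize` accepts any iterable of log lines, so an open access.log file can be passed in place of the sample.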
