Re: [squid-users] 2.6.STABLE3: how to set up transparent proxy

From: Adrian Chadd <adrian@dont-contact.us>
Date: Sat, 16 Sep 2006 13:49:13 +0800

On Sat, Sep 16, 2006, Michael Carmody wrote:
> I just subscribed to this list for the exact same problem.
>
> Running Squid Stable 3, and proxy works fine when entered into browser but
> transparent mode seems broken, with the port 3128 being appended to all
> requests and the access log only sometimes logging the request at all.
>
> Having also seen umpteen references to release notes, and having http_port
> 3128 transparent there from the beginning. This is getting mildly
> frustrating...
>
> Someone with a working transparent STABLE3 setup want to offer a suggestion?

Tried vport=80 there? That works for me.

The cute thing about "transparent" proxying under Squid is that it isn't limited
to web services running on port 80.

Adrian

>
> On Saturday 16 September 2006 14:50, W. Tait Cyrus wrote:
> > OK. I've spent the past 4 hours searching old postings and squid
> > related web sites for this answer and seem to find things keep leading
> > in circles.
> >
> > I have a Linux 2.6.17 firewall running squid and squidGuard. The
> > firewall is configured such that all outgoing http access gets NATed to
> > port 3128 (on the fw) where squid then runs squidGuard to filter out
> > "bad" sites. That is ALL squid is intended for is to run squidGuard on
> > all outgoing web accesses. I need this type of configuration since
> > updating the proxy in the web browsers is too easy to turn off (and gain
> > access to the "bad" sites) so I need something transparent.
> >
> > I had been running squid-2.5.STABLE12 with little problems, but
> > did run into a problem with an app failing to update itself via http
> > (because squid got in the way) so I wanted to upgrade to 2.6.STABLE3
> > hoping the problem would be fixed. Unfortunately I can't get
> > 2.6.STABLE3 configured to work the same way.
> >
> > Many of the previous postings suggest:
> > - read the release notes:
> >   well, I've done that and they don't give any examples, only a word
> >   description that an "option" can be used to do this. So it isn't clear
> >   at all what the correct form of the options are to configure squid to
> >   be transparent since it appears that multiple options are required and
> >   nowhere are they all together discussed
> > - read the FAQ
> >   again it says almost the same thing, or doesn't exist (one wiki was
> >   still being written in regards to transparent proxy setup)
> > - or they suggest things which didn't work (or produced startup errors)
> >
> > My previous configuration was basically:
> >
> > httpd_accel_port 80
> > httpd_accel_host virtual
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> > with iptables configured with:
> > iptables -t nat -A PREROUTING -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j DNAT --to-destination 10.200.1.100:3128
> >
> > So only outgoing port 80 were NAT'ed to 3128. All incoming port 80 are
> > dealt with separately (forwarded to the web server).
> >
> > I've tried the following squid config (since that seemed to be what most
> > people suggested) without success:
> > http_port 3128 transparent
> > cache_peer localhost parent 3128 0 no-query originserver
> > but this mangles the URL adding port 3128 to the host. I.e. changes
> > http://google.com to http://google.com:3128
> > Even tried variations on http_port and cache_peer.
> >
> > So is there a simple example of how to set up a transparent proxy (local
> > cache)?
> >
> > tia
> > ++Tait
Received on Fri Sep 15 2006 - 23:47:45 MDT
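
Added example, not part of the original thread and not Squid project code: a small squid.conf check for the three things this exchange turns on when moving an intercepting proxy from 2.5 to 2.6 (leftover httpd_accel_* lines, an http_port marked transparent with no vport= as the reply suggests, and a cache_peer aimed back at Squid's own listening port). The function name, finding codes and LOCAL_HOSTS set are assumptions made for the example; the sample input is constructed from the lines quoted above.

```python
import re

# Constructed sample: the 2.5 directives and the 2.6 attempt quoted in the thread.
SAMPLE_CONF = """\
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_port 3128 transparent
cache_peer localhost parent 3128 0 no-query originserver
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumption: names for "this box"


def _port(arg):
    """Trailing port of an argument such as '3128' or '10.200.1.100:3128'."""
    m = re.search(r"(\d+)$", arg)
    return int(m.group(1)) if m else None


def lint_squid_conf(text):
    """Return (line_no, code, message) findings for squid.conf text."""
    rows = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if fields:
            rows.append((no, fields))
    listen = {_port(f[1]) for _, f in rows if f[0] == "http_port" and len(f) > 1}
    listen.discard(None)  # ignore http_port lines with no parsable port
    findings = []
    for no, f in rows:
        if f[0].startswith("httpd_accel_"):
            findings.append((no, "old-accel", f[0] + ": 2.5 directive, replaced by http_port options in 2.6"))
        elif f[0] == "http_port" and "transparent" in f[2:]:
            if not any(o == "vport" or o.startswith("vport=") for o in f[2:]):
                findings.append((no, "no-vport", "transparent without vport=; the reply suggests vport=80"))
        elif f[0] == "cache_peer" and len(f) >= 4:
            # cache_peer fields: hostname, type, http port, icp port, options
            if f[1].lower() in LOCAL_HOSTS and _port(f[3]) in listen:
                findings.append((no, "self-peer", "cache_peer points at Squid's own http_port"))
    return findings


if __name__ == "__main__":
    for no, code, msg in lint_squid_conf(SAMPLE_CONF):
        print(f"line {no}: [{code}] {msg}")
```
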