RE: [squid-users] Really transparent proxy

From: zulkarnain <sizulku@dont-contact.us>
Date: Tue, 15 May 2007 20:54:43 -0700 (PDT)

Add the following entries to your squid.conf:

via off
forwarded_for off

Regards,
Zul

--- Facundo Vilarnovo <fvilarnovo@ertach.com> wrote:

> Here it goes!
> #####squid Conf.#####
> http_port 3128 tproxy transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /usr/local/squid/var/logs/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl our_networks src 0.0.0.0/0.0.0.0
> http_access allow our_networks
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname debian-sq
> wccp2_router XXX.XXX.XXX.XXX
> wccp_version 4
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_assignment_method 1
> coredump_dir /usr/local/squid/var/cache
> ###### end of file #####
>
> Here are the Iptables:
> squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> If any extra info is needed I have no problem posting it!
>
>
> Thanks all!!
> Facundo Vilarnovo

Received on Tue May 15 2007 - 21:55:00 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT
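
Added example (not part of the original messages or of Squid itself): a small Python check of which proxy-revealing request headers Squid still sends upstream for a given squid.conf, applied to the two entries suggested in the reply. It assumes the documented defaults (via on, forwarded_for on) and that forwarded_for off sends the literal value "unknown"; the delete, transparent and truncate values come from later Squid releases than this thread, and the sample configs are constructed from lines in the posts.

```python
# Defaults assumed from the squid.conf documentation: both headers are sent.
DEFAULTS = {"via": "on", "forwarded_for": "on"}

# What Squid sends to the origin server for each forwarded_for value.
# delete / transparent / truncate exist only in later Squid releases.
XFF = {
    "on": "X-Forwarded-For: <client IP appended>",
    "off": "X-Forwarded-For: unknown",
    "transparent": "X-Forwarded-For left as received",
    "truncate": "X-Forwarded-For: <client IP only>",
    "delete": None,
}

def effective_settings(conf_text):
    """Return the effective via / forwarded_for values (last occurrence wins)."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 2 and parts[0] in settings:
            settings[parts[0]] = parts[1].lower()
    return settings

def proxy_headers_sent(conf_text):
    """List the request headers that still tell the origin a proxy is present."""
    s = effective_settings(conf_text)
    sent = []
    if s["via"] != "off":
        sent.append("Via: <added by Squid>")
    # Unrecognised values are treated like the default in this sketch.
    xff = XFF.get(s["forwarded_for"], XFF["on"])
    if xff:
        sent.append(xff)
    return sent

# Constructed samples: two lines of the posted config, without and with the reply's entries.
POSTED = "http_port 3128 tproxy transparent\nvisible_hostname debian-sq\n"
WITH_REPLY = POSTED + "via off\nforwarded_for off\n"

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("with reply", WITH_REPLY)):
        print(name, "->", proxy_headers_sent(conf))
```

With the reply's two entries the Via header is gone, but an X-Forwarded-For header with the value "unknown" is still sent, so the origin server can still tell that a proxy is in the path.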