Re: [squid-users] how to pass all internet traffic through squid

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Tue, 13 Nov 2007 22:13:39 +0545

Hi Ranjan,

Tarak Ranjan wrote:
>
>
> Marcello Romani wrote:
>> Tarak Ranjan ha scritto:
>>> Hi List,
>>> i have one squid 2.6 proxy server. current situation is as
>>> per browser settings for proxy...
>>>
>>> Direct Connection: users are directly connecting to internet, no logs
>>> are coming in access.log. not a single ACL is hitting for them
>>>
>>> Autodetect Proxy: same as Direct Connection
>>>
>>> Manual proxy: when anyone selecting manual proxy, that time only ACL
>>> and logs everything is coming for the corresponding IP/user.
>>>
>>> What i want, WHAT EVER THE CLIENT HAS SELECTED IN THEIR BROWSER.
>>> DIRECT/AUTO/MANUEL , ACL & LOG SHOULD COME. AND ALL THE INTERNET
>>> ACCESS TRAFFIC SHOULD PASS THROUGH SQUID......

Currently you are running a normal forward proxy. The feature that you
want is called Squid runing in "intercepting or transparent mode".

By the way, I guess that you are running Squid on a Linux machine?

For Squid to work in intercepting or transparent mode, you need to
fulfill either 1 of the 2 requirements below:

(1.) This Squid box has to be gateway for your 192.168.1.0/24.

(2.) Of if Squid box is not the gateway, then you need to redirect web
traffic from your router to your Squid box.

If you meet either 1 of the requirements, then you need to redirect web
requests on port 80 to your Squid box on port 8080.

Supposing that this Squid box is also your gateway, IPTABLES is your
tool to do this redirection.

You can run something like the following:

/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT
    –to-ports 8080

Note: eth1 is the interface of your 192.168.1.0/24 network.

>>>
>>> HERE IS MY ACCESS.LOG.....THOSE WHO HAVE SELECTED MANUAL PROXY
>>>
>>> 1194864803.351 756 192.168.1.40 TCP_MISS/200 394 POST
>>> http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17
>>> text/html
>>> 1194864803.566 1414 192.168.1.23 TCP_MISS/200 515 GET
>>> http://us.bc.yahoo.com/b? - DIRECT/203.84.204.69 image/gif
>>> 1194864824.677 455 192.168.1.117 TCP_MISS/200 2744 GET
>>> http://sb.google.com/
browsing/update? - DIRECT/72.14.217.91
>>> text/html
>>> 1194864827.772 669 192.168.1.108 TCP_MISS/200 2349 GET
>>> http://rad.msn.com/ADSAdClient31.dll? - DIRECT/207.68.178.153 text/html
>>> 1194864828.219 60561 192.168.1.154 TCP_MISS/200 668 POST
>>> http://shttp.msg.yahoo.com/notify/ - DIRECT/216.155.194.239 text/plain
>>> 1194864828.851 1079 192.168.1.108 TCP_MISS/200 3825 GET
>>> http://ad.doubleclick.net/adj/N3977.MSN_homepage_in/B2559371;sz=234x60;ord=1511213470?
>>> - DIRECT/216.73.87.74 application/x-javascript
>>> 1194864828.910 58 192.168.1.108 TCP_IMS_HIT/304 321 GET
>>> http://m1.2mdn.net/879366/flashwrite_1_2.js - NONE/-
>>> application/x-javascript
>>> 1194864829.167 257 192.168.1.108 TCP_MISS/304 317 GET
>>> http://m1.2mdn.net/1234724/yahoo_dotcom_234x60.swf? -
>>> DIRECT/125.252.226.32 application/x-shockwave-flash
>>> 1194864829.436 225558 192.168.1.40 TCP_MISS/200 3260 GET
>>> http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17
>>> text/plain
>>>
>>> HERE IS MY CONFIGURATION FOR THE REFERENCE:
>>>
>>> auth_param basic children 5
>>> auth_param basic realm Squid proxy-caching web server
>>> auth_param basic credentialsttl 2 hours
>>> acl all src 0.0.0.0/0.0.0.0
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/255.255.255.255
>>> acl to_localhost dst 127.0.0.0/8
>>> acl blocksites dstdomain "/etc/squid/squid-block.acl"
>>> acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
>>> acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
>>> acl SSL_ports port 443
>>> acl CONNECT method CONNECT
>>> http_access allow manager localhost
>>> http_access deny manager
>>> http_access deny blockfiles
>>> http_access deny blocksites
>>> http_access deny malware_block_list
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> acl lk_network src 192.168.1.0/24
>>> http_access allow lk_network
>>> acl local-servers1 dstdomain liqwidkrystal.com
>>> always_direct deny local-servers1
>>> acl local-servers2 dstdomain lk.com
>>> always_direct deny local-servers2
>>> http_access allow localhost
>>> http_access deny all
>>> http_reply_access allow all
>>> icp_access allow all
>>> http_port 192.168.1.3:8080 transparent
>>> hierarchy_stoplist cgi-bin ?
>>> acl QUERY urlpath_regex cgi-bin \?
>>> cache deny QUERY
>>> cache_mem 8 MB
>>> cache_dir ufs /var/spool/squid 100 16 256

Personally, I feel that 100 MB is a small cache even if your network may
be small. You can increase it to a value say 1000 or 2000 MB.

By the way, I can't seem to find the Safe_ports ACL in your squid.conf?

Also which Operating system and Squid version are you running?

>>> access_log /var/log/squid/access.log squid
>>> cache_log /var/log/squid/cache.log
>>> cache_store_log none
>>> logfile_rotate 7
>>> pid_filename /var/run/squid.pid
>>> log_fqdn off
>>> ftp_passive on
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern . 0 20% 4320
>>> acl apache rep_header Server ^Apache
>>> broken_vary_encoding allow apache
>>> cache_mgr tarak.ranjan@liqwidkrystal.com
>>> coredump_dir /var/spool/squid

Looks fine to me.

>>>
>>>
>>> ******* WHAT ARE THE NECESSARY CHANGES I HAVE TO TAKE TO WORK SQUID
>>> AS I MENTIONED ABOVE.
>>>
>>
>> You probably want to setup a transparent proxy...
>> oh, and btw PLEASE DON'T SHOUT we hear you just fine in lowercase.
>>
>> thanks.
>>
> Sorry to post it again.... i haven't get the answer from the post....
> give me some suggestions to make it out

To sum it up, make this Squid box the gateway or redirect web requests
from your router to this Squid box.

Then redirect web requests on port 80 to Squid's port 8080 using the
IPTABLES firewall if your Squid box's operating system is Linux.

Hope that helps.

Thanking you.....

>
>
>

-- 
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com
Received on Tue Nov 13 2007 - 09:29:16 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST