Re: [squid-users] Accessing a transparent cache on localhost

From: Jonathan Gazeley <>
Date: Thu, 20 Nov 2008 11:18:07 +0000

Chris Robertson wrote:
> Jonathan Gazeley wrote:
>> I'm new to Squid. I've successfully set up a transparent cache on a
>> server which is also the gateway/firewall/NAT for a small LAN. All
>> the clients on my LAN use the cache properly. However, the server
>> running the cache doesn't use its own cache. I've inserted what I
>> thought were the correct rules into my iptables config:
>> -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>> -A PREROUTING -s -p tcp --dport 80 -j REDIRECT --to-port
>> 3128
>> -A PREROUTING -s -p tcp --dport 80 -j REDIRECT
>> --to-port 3128
>> -A PREROUTING -s x.x.x.x/32 -p tcp --dport 80 -j REDIRECT --to-port
>> 3128 (external public IP)
> I think it would need to be part of the OUTPUT chain. But you would
> have to do some sort of packet marking to avoid matching packets from
> Squid to the internet (lest you create a forwarding loop).
> It's probably far easier to set the environment variable "http_proxy"
> (e.g. "export http_proxy=http://localhost:3128"). Many utilities (YUM
> , apt, wget, etc) honor this.
Thanks Chris, this works well :) yum was the primary application I
wanted to use the cache anyway, as my LAN consists entirely of Fedora 9
machines and it would save bandwidth to cache the updates. Mirroring the
entire repository seemed a bit overkill in this case...
> Chris
Received on Thu Nov 20 2008 - 11:18:18 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 20 2008 - 12:00:03 MST