Re: [squid-users] unable to see client ip address in log file

From: Chris Robertson <crobertson_at_gci.net>
Date: Fri, 23 Jan 2009 16:40:25 -0900

prophetmr wrote:
> I can save you the trouble of looking at the conf file: everything is default
> except I set it to
>
> http_port 192.168.3.107:3128 transparent
>
> using 2.7 defaults. The reason I did that is I'm divorced, and running squid
> transparent is so I don't have to set the browsers to proxy every time I have
> the kids and reset it before they go to their mother's. It may be something
> in my router that is making everything show as 192.168.3.1 in the logs. I
> have the firewall running this script on boot
>
> # nvram set rc_firewall="
> #!/bin/sh
> INTERNAL_NETWORK="192.168.3.1/24"
> ROUTER_IP="192.168.3.1"
> PROXY_SERVER="192.168.3.107"
> PROXY_PORT="3128"
> if [ -z $TRANSPARENT_PROXY ]; then
> /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK \
> -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 \
> -j DNAT --to $PROXY_SERVER:$PROXY_PORT
> /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d \
> $PROXY_SERVER -j SNAT --to $ROUTER_IP
>

This changes the source IP of the traffic to 192.168.3.1.

> /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 \
> -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
> export TRANSPARENT_PROXY="1"
> else
> echo /"This script has already run!"
> echo /"If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
> fi
> "
> [Ctrl+D]
> # nvram commit
>
> The way it's set up now, I have the kids connect via wireless to the router on
> the LAN side and the WAN side is the squid router, which is connected to a
> repeater from my neighbors, who let me split the bill with them since I can't
> get broadband.
>

Have a look at
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute,
or look into using WPAD.

Chris
Received on Sat Jan 24 2009 - 01:37:31 MST
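
Added example (not part of the original message and not Squid project code): a shell check that lists POSTROUTING SNAT/MASQUERADE rules covering the proxy address, the kind of rule the reply above identifies as replacing every client address with 192.168.3.1 in the log. The iptables-save lines are constructed from the quoted script, and the function name `source_rewrites` is hypothetical.

```shell
#!/bin/sh
# Added example: flag nat rules that rewrite the source address of traffic
# headed to the proxy, which makes every request appear to come from one IP.

# Constructed sample in iptables-save format, modelled on the script quoted in
# this thread (the exact listing is an assumption; addresses are from the post,
# except 10.9.9.0/24, which is made up as a non-matching control).
SAMPLE_RULES='*nat
-A PREROUTING -s 192.168.3.0/24 -d 192.168.3.0/24 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING ! -s 192.168.3.107/32 -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.3.107:3128
-A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.107/32 -o br0 -p tcp -j SNAT --to-source 192.168.3.1
-A POSTROUTING -d 10.9.9.0/24 -o br0 -j MASQUERADE
COMMIT'

# source_rewrites PROXY_IP < rules
# Prints each POSTROUTING SNAT/MASQUERADE rule whose -d covers PROXY_IP,
# or that has no -d at all and therefore applies to every destination.
source_rewrites() {
    awk -v proxy="$1" '
    function ip2int(ip,   o) {
        split(ip, o, "[.]")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(cidr, ip,   p, bits, size) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]      # bare address means /32
        size = 2 ^ (32 - bits)               # addresses per block
        return int(ip2int(p[1]) / size) == int(ip2int(ip) / size)
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""; dst = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") { dst = $(i + 1); neg = ($(i - 1) == "!") }
        }
        if (target != "SNAT" && target != "MASQUERADE") next
        hit = (dst == "") ? 1 : covers(dst, proxy)
        if (neg) hit = !hit                  # "! -d x" inverts the match
        if (hit) print
    }'
}

# Show the rule that hides client addresses from the proxy at 192.168.3.107.
printf '%s\n' "$SAMPLE_RULES" | source_rewrites 192.168.3.107
```

On a live router the input would come from `iptables-save -t nat` instead of the constructed sample.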
