Re: [squid-users] transparent proxy myself?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 04 Jul 2012 14:28:14 +1200

On 04.07.2012 13:52, bnichols wrote:
> I do it on my routers. If you have a ddwrt enabled router on your lan
> you can simply put your squid in transparent mode and add the iptables
> rules/script to your firewall and save, google "DDWRT squid
> transparent" and you'll find it, or do it on a mikrotik is really simple
> as well as many many other routers, personally, I don't like using an
> x86 machine as a router.
>

Ah.

There is no need to do the interception part on the routers. Just route
the port-80 traffic (only) to the Squid box (aka "policy routing"). You
can still use the same bypass rules/choices on your routers, they are
just used to bypass the route decision instead of the packet NAT.
Every end box has routing rules. The specific "forwarding" router
rules are only needed if there is traffic not being intercepted but
passing through it.

When you remove NAT from the routers you *will* notice a change in IP
addressing information available to Squid. You will be able to see what
clients are actually being intercepted, instead of what router was doing
it.

http://wiki.squid-cache.org/ConfigExamples#Interception has various
types of Squid box interception config you get to select from.

Amos
Received on Wed Jul 04 2012 - 02:28:19 MDT
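
The split described in the message above, as an added example that is not part of the original post: the router only marks and policy-routes port-80 traffic, and the Squid box does the NAT interception. The addresses, interface name, mark, table number and port are constructed placeholders, and the script prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Prints (does not apply) the rule sets so they can be reviewed first.
# Constructed placeholder values, not from the thread:
SQUID_IP="192.0.2.10"            # Squid box on the LAN
LAN_IF="br0"                     # router's LAN-facing interface
BYPASS="192.0.2.50 192.0.2.51"   # clients that must not be proxied
MARK=2                           # firewall mark for port-80 traffic
TABLE=201                        # routing table holding the Squid route
SQUID_PORT=3129                  # Squid port configured with "intercept"

# Router: no NAT here, only a routing decision for port-80 packets.
router_rules() {
    # Squid's own outbound fetches must skip the mark or they loop back.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $SQUID_IP -p tcp --dport 80 -j ACCEPT"
    # Bypass list: same choices as before, now skipping the route decision.
    for ip in $BYPASS; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j MARK --set-mark $MARK"
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default via $SQUID_IP dev $LAN_IF table $TABLE"
}

# Squid box: interception happens here, so Squid sees real client IPs.
squid_box_rules() {
    echo "# squid.conf: http_port $SQUID_PORT intercept"
    echo "iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # mangle runs before nat: only packets aimed directly at the intercept port are dropped.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP"
}

echo "## run on the router"; router_rules
echo "## run on the Squid box"; squid_box_rules
```

The final DROP rule keeps clients from connecting to the intercept port directly; only traffic that arrived for port 80 and was redirected locally reaches Squid there.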
