Sure.
Do you want to do it transparently or simply enforced by blocking direct
access if not configured to use the proxy?
Transparent:
iptables -t nat -A FORWARD -p TCP --dport 80 -j REDIRECT --to-ports
3128
squid.conf:
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
squid configure:
./configure --enable-linux-netfilter ...
Enforced by blocking direct access:
iptables -A FORWARD -p TCP -dport 80 -J REJECT
In both cases, in order to force the use a parent you should use
cache_peer your.parent.proxy parent 8080 0 no-query
acl all src 0.0.0.0/0
never_direct allow all
[replace 8080 by the portnumber where the parent proxy listens]
-- Henrik Nordstrom Squid Hacker Hamish Kibblewhite wrote: > > Hi, > I have been experimenting on my home lan to get iptables working > with squid - so far unsuccessfully. > > What I want to do is get an iptables setup that works over a ppp > connection. But don't seem to be having much luck... > > In addition is it possible to have squid running on my gateway box and > force access through an ISP's kids proxy server as the parent? > > That is - I want to lock down internet access so that the proxying goes > through the ISP and want to have the benefit of a proxy on my home gateway. > (One day soon I will get ADSL....) > > Reason being to restrict what the kiddies can see. And to alleviate myself > of the admin overhead of putting in something like squid-guard and keeping > the blacklist up to date. I want to sponge off the ISP doing that sort of > admin work for me. > > Any tips / pointers to doco / pre-existing scripts would be appreciated. > > regards, > Hamish KibblewhiteReceived on Sat May 26 2001 - 03:54:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:18 MST