Re: [squid-users] Access Control from Henrik Nordstrom on 2007-01-31 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 31 Jan 2007 23:53:22 +0100

tor 2007-01-25 klockan 23:12 -0600 skrev Matt:
> I am installing Squid 2.6STABLE on CentOS 4.4. I want to have our
> Mikrotik router DST-NAT all port 80 requests to it and use it as a
> transparent cache.

Should work reasonably well, assuming the proxy is on a different leg of
the router than your clients.. But you will not get full functionality
when bouncing traffic like this using NAT.

> #allow my IP pools on port 80
> src-address=12.1.1.0/24 dst-port=80 action=allow
> src-address=12.1.3.0/24 dst-port=80 action=allow
> #deny all else
> action=deny
>
> How do I accomplish this in the Squid config?

See QUICKSTART.

> Also, if I DST-NAT all port 80 traffic to the linux box Squid is
> running on do I need to config anything special in the Linux kernel?

No, nothing. But you need to use the transparent http_port option in
squid.conf.

Regards
Henrik

application/pgp-signature attachment: Detta är en digitalt signerad meddelandedel

Received on Wed Jan 31 2007 - 15:53:27 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST