--- kang ason <a550n@yahoo.com> wrote:
> Date: Fri, 1 Feb 2008 07:00:27 -0800 (PST)
> From: kang ason <a550n@yahoo.com>
> Subject: Transparent Proxy by squid 2.6 stable 14 in
> ubuntu 7.10 not working
> To: squid-users@squid-cache.org
>
> Dear all
>
> I have a server running Squid as a transparent proxy on Linux
> (Squid 2.6 STABLE14, installed with the Synaptic Package Manager
> on Ubuntu 7.10).
>
> This server has two interfaces: eth0 to the Internet and eth1 to the LAN.
> This is my squid.conf:
>
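> # NOTE(review): interception listener on the LAN-side address. iptables
> # REDIRECT rewrites the destination to the primary address of the interface
> # the packet arrived on, so this listener is only reached if 192.168.10.10
> # is eth1's primary address - confirm. The REDIRECT --to-port must be 8080.
> http_port 192.168.10.10:8080 transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> cache_vary on
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 128 MB
> cache_swap_low 98
> cache_swap_high 99
> maximum_object_size 51200 KB
> minimum_object_size 0 KB
> ipcache_size 2048
> ipcache_low 98
> ipcache_high 99
> fqdncache_size 2048
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF
> cache_dir ufs /var/spool/squid 5000 18 256
> access_log /var/log/squid/access.log squid
> # NOTE(review): cache.log is where Squid reports startup and runtime errors.
> # Sending it to /dev/null discards the main troubleshooting and audit trail;
> # point it at a real file while diagnosing the interception problem.
> cache_log /dev/null
> cache_store_log /dev/null
> emulate_httpd_log off
> log_ip_on_direct on
> mime_table /usr/share/squid/mime.conf
> log_mime_hdrs off
> pid_filename /var/run/squid.pid
> log_fqdn off
> ftp_user admin@server
> ftp_list_width 32
> ftp_passive on
> ftp_sanitycheck on
> hosts_file /etc/hosts
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> # NOTE(review): CONNECT tunnels are permitted to every port listed in
> # SSL_ports (see "http_access deny CONNECT !SSL_ports" below); keep this
> # list as short as the clients actually need.
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> ## Client IP Address
> acl VLAN10 src 192.168.10.0/255.255.255.0
> # NOTE(review): http_access rules are checked in order and the first match
> # decides. "deny purge" and "deny manager" come before the corresponding
> # "allow ... localhost" lines, so those allow lines are never reached: PURGE
> # and the cache manager are refused for every client, localhost included.
> # That fails closed, but if localhost access is wanted the allow line has to
> # precede the deny line.
> http_access deny CONNECT !SSL_ports
> http_access deny !Safe_ports
> http_access deny purge
> http_access allow purge localhost
> http_access deny manager
> http_access allow VLAN10
> http_access allow manager localhost
> http_access allow localhost
> http_access deny all
> # NOTE(review): ICP queries are answered for any source address whenever the
> # ICP port is enabled (icp_port is not set in this file, so the build default
> # applies - confirm). Restrict this to VLAN10, or disable ICP if no peer
> # caches are in use.
> icp_access allow all
> cache_mgr admin@server
> cache_effective_user proxy
> cache_effective_group proxy
> visible_hostname Proxy.server
> always_direct allow all
> coredump_dir /var/spool/squid
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
> store_dir_select_algorithm round-robin
> ## ---- end of squid.conf ----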
>
> And these are my iptables rules for the transparent proxy:
> iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -A PREROUTING -t nat -i eth1 -p tcp -s 192.168.10.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10/24 -j MASQUERADE
>
> when i look into /var/log/squid/access.log, i can
> found client access squid.
> if client setting browser using proxy into
> 192.168.10.10 with port 8080, i can see client in
> /var/log/squid/access.log
>
> What is wrong with my squid.conf or iptables rules?
> Why is the transparent proxy not working, and why must clients
> configure the proxy in their browser if they want to use it?
>
> thanks.
>
>
>
> regards
> ason
> Cah Kopeng
> Lereng Utara Gunung Merbabu
>
Received on Fri Feb 01 2008 - 19:25:16 MST