On Fri, Feb 08, 2008, Dave Coventry wrote:
> I'll try any distro, it's a greenfield machine.
>
> I started on Ubuntu, worked through Slackware, among others and am now
> back with Ubuntu 7.10 Server.
Ok. Ubuntu 7.10 is fine.
> The first thing I did was set up the DHCP server.
Ok. Not squid related.
>
> Then I downloaded Squid3.0.STABLE1, extracted, ran './configure
> --prefix=/usr/local/squid'
> 'make all'
> 'make install'
Under Linux, add --enable-linux-netfilter to the configure line.
> I set up my squid.conf according to the 'QUICKSTART', set up iptables
> according to this script:
> (script from http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html)
Why didn't you follow http://wiki.squid-cache.org/ConfigExamples/ ? There's half a dozen
examples involving Linux + transparent interception.
Adrian
> ======================
> #!/bin/sh
> SQUID_SERVER="192.168.60.254"
> INTERNET="eth0"
> LAN_IN="eth1"
> SQUID_PORT="3128"
>
> # Clean old firewall
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
>
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> iptables -A INPUT -i $INTERNET -m state \
> --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables --table nat --append POSTROUTING \
> --out-interface $INTERNET -j MASQUERADE
> iptables --append FORWARD --in-interface \
> $LAN_IN -j ACCEPT
>
> iptables -A INPUT -i $LAN_IN -j ACCEPT
> iptables -A OUTPUT -o $LAN_IN -j ACCEPT
>
>
> iptables -t nat -A PREROUTING -i $LAN_IN \
> -p tcp --dport 80 -j DNAT --to \
> $SQUID_SERVER:$SQUID_PORT
>
> iptables -t nat -A PREROUTING -i $INTERNET \
> -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
>
> iptables -A INPUT -j LOG
> iptables -A INPUT -j DROP
> ======================
>
> At this point Squid worked, but it hacked off the Domain part of the
> URL and was unable to resolve the directory/htmlfilename part of the
> URL.
>
> I tried everything I could think of to get it to work, without success.
>
> In the end I wiped the Hard Drive (I must've reformatted this machine
> twenty or thirty times over the last 5 weeks) and started again from
> scratch using these instructions:
> http://kuscsik.blogspot.com/2008/01/transparent-proxy-with-squid-3-on.html
>
> This is where I am at the moment.
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Fri Feb 08 2008 - 10:25:34 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST
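
A consistency check for the setup discussed in this thread, as an added example that is not part of the original messages or of Squid itself. It compares the build options, squid.conf and the NAT rules; the function names are hypothetical, and it assumes Squid 3.0 syntax, where an intercepting port is declared with the `transparent` option on `http_port`.

```sh
#!/bin/sh
# Added example: every function reads text on stdin or from a file, so it
# works on live command output or on saved copies.

# `squid -v` output: succeed if the build has Linux netfilter support.
built_with_netfilter() {
    grep -q -- '--enable-linux-netfilter'
}

# squid.conf: print the port of each http_port line marked "transparent".
# Commented-out lines are skipped because their first field is not http_port.
intercept_ports() {
    awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++) if ($i == "transparent") {
            n = split($2, a, ":"); print a[n]; break
        }
    }'
}

# `iptables-save -t nat` output: print ports that tcp/80 is sent to.
nat_target_ports() {
    awk '/--dport 80 / && /-j (REDIRECT|DNAT)/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-ports" || $i == "--to-destination") {
                n = split($(i + 1), a, ":"); print a[n]
            }
    }' | sort -u
}

# check_intercept SQUID_V_FILE SQUID_CONF NAT_RULES_FILE
# Prints one line per problem and returns non-zero if any was found.
check_intercept() {
    rc=0
    built_with_netfilter < "$1" ||
        { echo "squid built without --enable-linux-netfilter"; rc=1; }
    ports=$(intercept_ports < "$2")
    targets=$(nat_target_ports < "$3")
    [ -n "$targets" ] || { echo "no tcp/80 REDIRECT or DNAT rule"; rc=1; }
    for p in $targets; do
        echo "$ports" | grep -qx "$p" ||
            { echo "port $p: NAT target has no transparent http_port"; rc=1; }
    done
    return $rc
}
```

To use it, save the output of `squid -v` and `iptables-save -t nat` to files and pass them to `check_intercept` together with the path to squid.conf.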