On 02/08/11 17:22, benjamin fernandis wrote:
> Hi,
>
> I want to configure squid tproxy as external device.So for that what
> changes do i need to follow in iptables rule and policy routing from
> OS side?
>
> Current Lab setup:
> WAN ROUTER
> |
> |
> |
> switch-------LINUX MACHINE ( configured as router ) ------ end users
> |
> |
> squid
>
> Currently i tried to follow squid wiki steps to configure tproxy.And i
> can see traffic in squid access log but browsing not happening . even
> i m not seeing any traffic in iptables for tproxy rule.
>
> Kindly guide me to solve this problem.
>
>
> I want to deploy squid box as external device for getting cache
> gain.So for that do i need to change anything in iptables or policy
> routing?
Possibly, checklist below:
Squid needs to be setup as a third router box.
LINUX MACHINE:
user subnet gateway -> users
default gateway -> squid
squid:
user subnet gateway -> LINUX MACHINE
default gateway -> WAN ROUTER
WAN ROUTER:
default gateway -> WAN
user subnet gateway -> squid
Any "smart" switch functionality based on IPs disabled. Or at least
tuned to not do things by users IP.
Policy routing on both WAN ROUTER and LINUX MACHINE. For non-80 ports
lop-sided routing around the squid box is okay but best to avoid it.
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
- DMZ config for LINUX MACHINE.
- "internal amongst the clients" config for WAN ROUTER.
> OS : centos 6 32 bit
> squid : 3.1.4
Mr Ritter has a new config for CentOS 6. Better than the one in the wiki
right now. If its not updated soon, contact him for details.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10Received on Tue Aug 02 2011 - 06:14:13 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 08 2011 - 12:00:00 MDT