[squid-users] Squid not acting as a transparent proxy in FreeBSD

From: <azael.reyes_at_sosvia.com>
Date: Mon, 08 Aug 2011 09:49:18 -0700

 Hello

 We needed to create a server box to act as a router, and have Squid on
 it so it filters the computers on our LAN.

 We have internet access on the LAN now and the proxy seems to work when
 we put it in the browser (manually).
 It's just not doing it transparently at all and we don't want to do this
 manually on all computers.

 Hope someone can help.

 These are our configuration files:

 We have done:

 1. enabled root access via ssh.
 modify file /etc/ssh/sshd_config with the entry of
 Code:

 PermitRootLogin yes

 2. enable bridge
 modify file /etc/rc.conf with
 Code:

 cloned_interfaces="bridge0"
 ifconfig_bridge0="addm bge1 addm bge0 up"

 3. enable bridge with sysctl values
 modify file /etc/sysctl.conf with
 Code:

 net.inet.ip.forwarding=1

 4. modify /boot/loader.conf with
 Code:

 if_bridge_load="YES"

 With this we created the firewall part and our gateway just works.

 Now this is the squid conf:

 ##########################
 http_port 3128 transparent
 icp_port 0
 hierarchy_stoplist cgi-bin ?
 acl QUERY urlpath_regex cgi-bin \?
 no_cache deny QUERY
 cache_mem 128 MB

 maximum_object_size 80000 KB
 ipcache_size 1024
 ipcache_low 90
 ipcache_high 95
 cache_dir diskd /usr/squid 28000 32 512 Q1=72 Q2=64

 log_fqdn off
 dns_nameservers 67.138.104.249

 auth_param basic children 5
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours
 refresh_pattern ^ftp: 1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern . 0 20% 4320

 #next, remove
 acl localnet src 192.168.211.0/255.255.255.0
 acl localhost src 127.0.0.1/255.255.255.255
 acl to_localhost dst 127.0.0.0/8

 acl SSL_ports port 443 563
 acl Safe_ports port 80 21 443 563 210 1025-65535 280 488 591 777
 acl CONNECT method CONNECT
 acl all src 0.0.0.0/0.0.0.0

 #blacklist acl
 external_acl_type eatFilter children=2 %URI /opt/squidacl/bin/filter /opt/squidacl/data/blacklist
 acl aeFilter external eatFilter
 http_access deny aeFilter
 deny_info http://blocked.saintapp.com aeFilter

 http_access deny !Safe_ports

 http_access allow localnet
 http_reply_access allow all
 visible_hostname localhost

 #http_access allow all
 coredump_dir /usr/local/squid/cache

 And this is our ipfw config (on Debian we used iptables just to
 route the LAN IPs to port 3128; I'm not sure what will work on BSD):

 00100 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv bce1
 00200 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in recv bce1
 65535 allow ip from any to any

 We are not sure if it's the gateway part that's not working or the Squid
 config. We have installed Squid 2.7, 3.0 and 3.1, followed at most 10
 tutorials, and had no luck getting a transparent proxy :(

 Sorry for the bad English
Received on Mon Aug 08 2011 - 16:49:25 MDT
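
An added example, not part of the original post and not code from Squid or FreeBSD: a Python consistency check over the three fragments quoted in the message (the rc.conf bridge members, the ipfw `fwd` rules and the Squid `http_port` line). The function names are hypothetical and the inputs are the post's own lines embedded as strings; the check reports where the fragments disagree with each other and does not establish which disagreement keeps interception from working.

```python
import re

# Constructed inputs: the settings quoted in the post, embedded verbatim.
RC_CONF = 'cloned_interfaces="bridge0"\nifconfig_bridge0="addm bge1 addm bge0 up"\n'
IPFW_RULES = '''00100 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv bce1
00200 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in recv bce1
65535 allow ip from any to any
'''
SQUID_CONF = "http_port 3128 transparent\n"

def bridge_members(rc_conf):
    """Interfaces added with 'addm' in rc.conf ifconfig_bridgeN lines."""
    members = set()
    for line in rc_conf.splitlines():
        m = re.match(r'\s*ifconfig_bridge\d+="([^"]*)"', line)
        if m:
            members.update(re.findall(r'\baddm\s+(\S+)', m.group(1)))
    return members

def squid_ports(squid_conf):
    """Ports of http_port lines flagged 'transparent' or 'intercept'."""
    ports = set()
    for line in squid_conf.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "http_port" and {"transparent", "intercept"} & set(f[2:]):
            ports.add(int(f[1].rsplit(":", 1)[-1]))
    return ports

def check(rc_conf, ipfw_rules, squid_conf):
    """Return (rule_number, finding) pairs for the ipfw fwd rules."""
    members, ports = bridge_members(rc_conf), squid_ports(squid_conf)
    seen, findings = {}, []
    for line in ipfw_rules.splitlines():
        m = re.match(r'\s*(\d+)\s+fwd\s+\S+?,(\d+)\s+(.*)', line)
        if not m:
            continue
        num, port, match = m.group(1), int(m.group(2)), m.group(3)
        iface = re.search(r'\brecv\s+(\S+)', match)
        if iface and iface.group(1) not in members:
            findings.append((num, f"recv {iface.group(1)} is not a bridge member {sorted(members)}"))
        if port not in ports:
            findings.append((num, f"forwards to port {port}, where Squid has no intercepting http_port"))
        if match in seen:  # fwd ends the rule search, so the earlier rule always wins
            findings.append((num, f"never matches: rule {seen[match]} has the same match and comes first"))
        seen.setdefault(match, num)
    return findings

if __name__ == "__main__":
    print(*check(RC_CONF, IPFW_RULES, SQUID_CONF), sep="\n")
```

On the post's input this flags the `recv bce1` interface in both rules (the bridge lists bge0 and bge1), the forward to port 8080, and rule 00200 being shadowed by rule 00100.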
