Squid is in both modes. It accepts a directly configured proxy, and
interception mode.
Here's my configuration file (squid.conf). It's auto-generated by a
system daemon which I've written.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl CONNECT method CONNECT
dns_nameservers 127.0.0.1
hierarchy_stoplist cgi-bin ?
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl localdst dst 127.0.0.1/32
acl localdst dst 192.168.100.0/24
acl localdst dst 192.168.150.0/24
acl localdst dst 192.168.50.0/24
acl localdst dst 192.168.175.0/24
acl localdst dst 172.16.10.0/24
acl source_Vendas_443 src 192.168.50.3
acl dport_Vendas_443 port 443
tcp_outgoing_address 189.27.236.136 source_Vendas_443 dport_Vendas_443 !localdst
acl source_Devel443 src 192.168.150.177
acl source_Devel443 src 192.168.150.13
acl source_Devel443 src 192.168.150.8
acl source_Devel443 src 192.168.150.95
acl source_Devel443 src 192.168.150.196
acl dport_Devel443 port 443
tcp_outgoing_address 189.27.236.136 source_Devel443 dport_Devel443 !localdst
acl source_Wireless443 src 192.168.175.242
acl source_Wireless443 src 192.168.175.21
acl dport_Wireless443 port 443
tcp_outgoing_address 187.113.225.9 source_Wireless443 dport_Wireless443 !localdst
acl source_WiFi443 src 192.168.175.0/24
acl dport_WiFi443 port 443
tcp_outgoing_address 189.27.236.136 source_WiFi443 dport_WiFi443 !localdst
acl source_voip src 192.168.50.33
tcp_outgoing_address 187.113.225.9 source_voip !localdst
acl source_L4D2 src 192.168.100.78
tcp_outgoing_address 187.113.225.9 source_L4D2 !localdst
external_acl_type securegateway_cfs ipv4 %DST %PROTO %PORT /usr/bin/squid_filter
acl grp_IDB src 192.168.100.0/24 192.168.150.0/24 192.168.175.0/24 172.16.10.0/24
acl cat_Teste external securegateway_cfs 09,0B,0E,10,12,19,56,58,5C
http_access deny cat_Teste grp_IDB
acl out_balance random 1/2
tcp_outgoing_address 187.113.225.9 out_balance !localdst
tcp_outgoing_address 189.27.236.136 out_balance !localdst
http_access allow localnet
http_access allow localhost
http_access deny all
pid_filename /var/run/squid.pid
half_closed_clients off
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_effective_user squid
cache_effective_group squid
cache_mem 8 MB
memory_pools off
workers 1
visible_hostname firewall.securegateway.localnet
coredump_dir none
access_log daemon:
logfile_daemon /usr/bin/squid_logger
cache_log /var/squid/logs/cache.log
http_port 3128
http_port 3129 intercept
qos_flows local-hit=0x1c
NB: when testing, I also disabled ACLs, external ACLs, and the logging daemon,
but with no success at all. Squid still crashes in the same place.
2014-04-03 19:12 GMT-03:00 Eliezer Croitoru <eliezer_at_ngtech.co.il>:
> On 03/20/2014 05:42 PM, Cassiano Martin wrote:
>>
>> Squid is in transparent mode.
>
> tproxy or redirect targets on iptables?
>
> Eliezer
Received on Fri Apr 04 2014 - 12:34:07 MDT