VoyForums
[ Show ]
Support VoyForums
[ Shrink ]
VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 12345[6]789 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 07:56:38 04/05/05 Tue
Author: pushkar Bhatkoti
Author Host/IP: 203.101.15.171
Subject: Linux Transparent Proxy how to idiot guide to squid under linux

Keyword : iptables masquarding how to. transparent proxy how to in linux.

dear this is under fedora core 1..

1) first do chkconfig squid off ---> to turn off the firewall...at the start and in any run level...

2) create script with below 2 lines and run at startup... + configure squid.conf at port 8080.

ifconfig eth0:2 192.168.100.1

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A POSTROUTING -t nat -o eth0 -s 192.168.100.0/24 -d 0/0 -j MASQUERADE

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080






hi, here is sample of my squid.conf


hi, here is sample of my squid.conf


# WELCOME TO SQUID 2
# ------------------
#
#Default:
http_port 8080
#http_port mailserver:8080
# NO_SSLv2 Disallow the use of SSLv2
# NO_SSLv3 Disallow the use of SSLv3
# NO_TLSv1 Disallow the use of TLSv1
# See src/ssl_support.c or OpenSSL documentation
# for a more complete list.
#
#Default:
# none

# TAG: ssl_unclean_shutdown
# Some browsers (especially MSIE) bugs out on SSL shutdown
# messages.
#
#Default:
# ssl_unclean_shutdown off

# TAG: icp_port
# The port number where Squid sends and receives ICP queries to
# and from neighbor caches. Default is 3130. To disable use
# "0". May be overridden with -u on the command line.
#
#Default:
# icp_port 3130

#Default:
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic program /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl password proxy_auth REQUIRED
#http_access allow password
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl artek src 192.168.100.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

# TAG: http_access
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

# And finally deny all other access to this proxy
http_access allow localhost
http_access allow artek
http_access deny all
#http_access allow artek

http_reply_access allow all
icp_access allow all
#Default:
# ie_refresh off


cache_effective_user squid
cache_effective_group squid

Thats all....
really working script. if u don't believe it is not running and then kick into ur ass and sleep on the SEY bed...and do MASTRABE... if u r not married then go to sona and pick up one nice one to ur BED..and configure squid with her!!

|||||
Thats all....
really working script. if u don't believe it is not running and then kick into ur ass and sleep on the SEY bed...and do MASTRABE... if u r not married then go to sona and pick up one nice one to ur BED..and configure squid with her!!

|||||

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Replies:

Post a message:
This forum requires an account to post.
[ Create Account ]
[ Login ]
[ Contact Forum Admin ]

Forum timezone: GMT-7
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.