Re: Linux Transparent Proxy how to idiot guide to squid under linux -- Australia Genealogy Message Board

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, 2, 3, 4, 5, [6], 7, 8, 9 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 07:08:36 07/26/07 Thu
Author: Pravin (Happy)
Author Host/IP: 59.160.126.18
Subject: Re: Linux Transparent Proxy how to idiot guide to squid under linux
In reply to: pushkar Bhatkoti 's message, "Linux Transparent Proxy how to idiot guide to squid under linux" on 07:56:38 04/05/05 Tue

>Keyword : iptables masquarding how to. transparent
>proxy how to in linux.
>
>dear this is under fedora core 1..
>
>1) first do chkconfig squid off ---> to turn off the
>firewall...at the start and in any run level...
>
>2) create script with below 2 lines and run at
>startup... + configure squid.conf at port 8080.
>
>ifconfig eth0:2 192.168.100.1
>
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>iptables -A POSTROUTING -t nat -o eth0 -s
>192.168.100.0/24 -d 0/0 -j MASQUERADE
>
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport
>80 -j REDIRECT --to-port 8080
>
>
>
>
>
>
>hi, here is sample of my squid.conf
>
>
>hi, here is sample of my squid.conf
>
>
># WELCOME TO SQUID 2
># ------------------
>#
>#Default:
>http_port 8080
>#http_port mailserver:8080
># NO_SSLv2 Disallow the use of SSLv2
># NO_SSLv3 Disallow the use of SSLv3
># NO_TLSv1 Disallow the use of TLSv1
># See src/ssl_support.c or OpenSSL documentation
># for a more complete list.
>#
>#Default:
># none
>
># TAG: ssl_unclean_shutdown
># Some browsers (especially MSIE) bugs out on SSL
>shutdown
># messages.
>#
>#Default:
># ssl_unclean_shutdown off
>
># TAG: icp_port
># The port number where Squid sends and receives ICP
>queries to
># and from neighbor caches. Default is 3130. To
>disable use
># "0". May be overridden with -u on the command line.
>#
>#Default:
># icp_port 3130
>
>#Default:
>cache_dir ufs /var/spool/squid 100 16 256
>cache_access_log /var/log/squid/access.log
>
>cache_log /var/log/squid/cache.log
>cache_store_log /var/log/squid/store.log
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hour
>auth_param basic program
>/etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users
>
>#Suggested default:
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>
>#Examples:
>#acl myexample dst_as 1241
>#acl password proxy_auth REQUIRED
>#acl password proxy_auth REQUIRED
>#http_access allow password
>#acl fileupload req_mime_type -i ^multipart/form-data$
>#acl javascript rep_mime_type -i
>^application/x-javascript$
>#
>#Recommended minimum configuration:
>acl all src 0.0.0.0/0.0.0.0
>acl artek src 192.168.100.0/24
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80
>acl Safe_ports port 21
>acl Safe_ports port 443 563
>acl Safe_ports port 70
>acl Safe_ports port 210
>acl Safe_ports port 1025-65535
>acl Safe_ports port 280
>acl Safe_ports port 488
>acl Safe_ports port 591
>acl Safe_ports port 777
>acl CONNECT method CONNECT
>
># TAG: http_access
>#Default:
># http_access deny all
>#
>#Recommended minimum configuration:
>#
># Only allow cachemgr access from localhost
>http_access allow manager localhost
>http_access deny manager
># Deny requests to unknown ports
>http_access deny !Safe_ports
># Deny CONNECT to other than SSL ports
>http_access deny CONNECT !SSL_ports
>#
>#acl our_networks src 192.168.1.0/24 192.168.2.0/24
>#http_access allow our_networks
>
># And finally deny all other access to this proxy
>http_access allow localhost
>http_access allow artek
>http_access deny all
>#http_access allow artek
>
>http_reply_access allow all
>icp_access allow all
>#Default:
># ie_refresh off
>
>
>cache_effective_user squid
>cache_effective_group squid
>
>Thats all....
>really working script. if u don't believe it is not
>running and then kick into ur ass and sleep on the SEY
>bed...and do MASTRABE... if u r not married then go to
>sona and pick up one nice one to ur BED..and configure
>squid with her!!
>
>|||||
>Thats all....
>really working script. if u don't believe it is not
>running and then kick into ur ass and sleep on the SEY
>bed...and do MASTRABE... if u r not married then go to
>sona and pick up one nice one to ur BED..and configure
>squid with her!!
>
>|||||

[ Next Thread | Previous Thread | Next Message | Previous Message ]