Subject: Re: [LINUX:10160] squid ile transparent proxy
From: Andreas Mueller (amu@tr.debian.net)
Date: Wed 10 Nov 1999 - 18:20:50 EET
On Wed, Nov 10, 1999 at 05:54:06PM +0200, Alper_Oguz wrote:
>
> Merhaba
>
> Daha once listeye squidle ilgili bir sorunumu atmistim. Sonraki
> denemelerimde netscape'in manual proxy conf.una girip gateway'in ip
> adresi ve port olarak da 3128 yazinca sorunsuz calisti. Yani galiba
> benim paketleri gondermemde sorun var. ipchains'te asagidaki gibi bir
> kural ekliyorum:
>
> ipchains -A input -p tcp --destination-port 80 -j REDIRECT 3128
>
> Redhat 6 altinda 2.2.5-15 kernel ve squid-2.2.stable4'u kullaniyorum.
> Hatam ne olabilir?
>
1. Make sure that your kernel is configured properly. This may
involve a recompile, which is beyond the scope of this document.
If you need help on compiling a kernel, please see The Kernel
HOWTO. You will need the following options: Prompt for Development
and/or Incomplete code drivers, Network Firewalls, TCP/IP
Networking, IP Firewalling, IP Transparent Proxy Support. Optimize
as Router Not Host is optional, but it may improve performace.
2. Install Squid. Squid can be obtained from squid.nlanr.net I would
recommend that you get the latest source version of 2.1 (2.2 is
still beta as of this writing)
3. Gunzip and untar the archive.
4. Run the following to compile squid: ./configure && make && make
install
5. Configure your squid.conf to your needs. There are four things you
will want to make sure you have for transparent proxying:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Also pay attention to
http_port
The default value of 3128 should be fine for almost everyone.
You'll need to know what value you're using a little later.
6. Install the IP Chains package. I don't have the URL handy, but you
should be able to find it with a quick search...
7. Set up your IP Chains rules. You need to know two things, the IP
address of the box (I'll use 192.168.1.1 as an example) and the
port that squid is running on (I'll use the default 3128 as an
example). Use the following commands:
ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 0/0 www -j REDIRECT 3128
8. You may need to enable IP forwarding on your machine. To do this :
echo "1" > /proc/sys/net/ipv4/ip_forward
9. Add the commands from the above two items to your appropriate
startup script(s).
10. If this is a new installation of squid, initialize squid's cache
directories with squid -z
11. Start squid with squid &
12. Change the gateways for the computers on your LAN and or ISP to
point to the IP address of your squid box and you're in business.
amu
-- MCSE = Must Call Somebody Else --------------------------------------------------------------------- Andreas Mueller amu@linux.de amu@bimel.com.tr Bilgisayar M\xfchendisi http://www.tr.debian.net Bimel Limited Tel: +90 (312) 434 2245 Bayindir Sokak 5/5 Fax: +90 (312) 431 1953 Yenisehir 06410 Ankara - TURKEY Private: +90(542)611 2976 ---------------------------------------------------------------------- PGP-Key fingerprint = 56 18 2D 87 8A 27 48 DA 8E 31 70 D9 DB 8A AA 8DListeden cikmak icin: unsub linux mesajini listeci@bilkent.edu.tr'a gonderiniz. Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin. Liste arsivinin adresi: http://listweb.bilkent.edu.tr/