RE: [squid-users] transparent proxy squid

From: William Bohannan <william.bohannan@dont-contact.us>
Date: Tue, 18 Apr 2006 08:17:04 -0000

Thanks heaps, all working great now. Now going to try user authentication
with DansGuardian or squid directly.

William

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 17 April 2006 13:49
To: William Bohannan
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] transparent proxy squid

Mon 2006-04-17 at 09:03 +0000, William Bohannan wrote:
> Hi I have installed squid on a debian sarge system which is running off a
> usb key. Two questions:
>
> a) can I run the squid cache off the memory alone so as to not age the
> usb key

Yes. Set "cache_dir null" in squid.conf, and use cache_mem for your
cache. Or alternatively set up a tmpfs or ramfs mount point for the
cache.

> b) have tried to setup transparent bridge with no luck I have used the
> following options:
>
> "internet -- bridge -- router -- local lan"
>
> -> option1
>
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -A INPUT -i br0 -p tcp -d xxx.xxx.xxx.xxx -s 192.168.1.0 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

For this to work your kernel needs to have the bridge-netfilter
integration enabled.

> -> option2
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Never used ebtables redirect so I can't give many comments on this. But
you may need an INPUT rule as well if your INPUT rules are restrictive.

Basic functionality test: Does it work if the client is configured to
use the proxy?

Regards
Henrik
Received on Tue Apr 18 2006 - 03:14:57 MDT
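
A diagnostic sketch for the two points in the reply above (bridge-netfilter must be enabled, and a restrictive INPUT chain must accept the redirected port). It is an added example, not part of the original thread; the function names and the sample ruleset are constructed, and it assumes `iptables-save` text plus the value of `/proc/sys/net/bridge/bridge-nf-call-iptables` as input.

```shell
#!/bin/sh
# Added example (not from the thread): check an iptables-save dump for the
# conditions interception on a bridge depends on.

# Constructed sample ruleset: REDIRECT present, restrictive INPUT policy,
# and no rule accepting the redirected port.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Print the port that nat PREROUTING redirects tcp/80 to, or nothing.
redirect_port() {
    printf '%s\n' "$1" | awk '
        /^-A PREROUTING/ && /--dport 80( |$)/ && /-j REDIRECT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--to-ports" || $i == "--to-port") { print $(i + 1); exit }
        }'
}

# Succeed if INPUT lets new connections reach port $2. Simplification:
# an ACCEPT policy counts as open even if explicit DROP rules follow.
input_allows() {
    printf '%s\n' "$1" | grep -q '^:INPUT ACCEPT' && return 0
    printf '%s\n' "$1" | grep -Eq -- "^-A INPUT .*--dport $2( .*)? -j ACCEPT"
}

# check_intercept RULES BRIDGE_NF: print one diagnosis line; status 0 if ok.
# BRIDGE_NF is the sysctl value ("1" when bridged frames traverse iptables).
check_intercept() {
    [ "$2" = "1" ] || { echo "bridge-netfilter off: iptables never sees bridged frames"; return 1; }
    port=$(redirect_port "$1")
    [ -n "$port" ] || { echo "no REDIRECT rule for tcp/80 in nat PREROUTING"; return 1; }
    input_allows "$1" "$port" || { echo "INPUT blocks redirected port $port"; return 1; }
    echo "ok: tcp/80 redirected to $port"
}

# Live use (needs root), left commented so the example runs offline:
# check_intercept "$(iptables-save)" \
#   "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null)"
```

On the constructed sample with bridge-netfilter enabled, the check reports that INPUT blocks the redirected port, which is the case the reply warns about.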
