Re: [squid-users] Transparency With Squid and ipchains

From: T.Q.Huy <huytu@dont-contact.us>
Date: Fri, 4 Jan 2002 13:50:24 -0800

Dear ,
You can read here:
http://ds9a.nl/lartc/HOWTO//cvs/2.4routing/output/2.4routing-15.html#SQUID

-- 
Best regards,
 T.Q.Huy                            mailto:huytu@hcmc.netnam.vn
Thursday, January 03, 2002, 9:14:55 PM, you wrote:
SS> Hi
SS> I am trying to find a solution to make Squid work transparently in my setup.
SS> I am using ALPHA and Squid2.3Stable4 with ipchains, with one Ethernet port and a route-map to divert traffic from the router. Packets are moving to the Squid cache but they are seen in a different
SS> format. Please have a look at the same and let me have your valuable suggestions.
SS> I followed FAQ 17 and did the following things.
SS> Installed ipchains using
SS> #!/bin/sh
SS> # rc.firewall   Linux kernel firewalling rules
SS> # Leon Brooks (leon at brooks dot fdns dot net)
SS> FW=/sbin/ipchains
SS> ADD="$FW -A"
SS> # Flush rules, for testing purposes
SS> for i in input output forward   # built-in ipchains chains
SS>    do
SS>      ${FW} -F $i
SS>    done
SS> # Default policies:
SS> ${FW} -P input REJECT   # Incoming policy: reject (quick error)
SS> ${FW} -P output ACCEPT  # Output policy: accept
SS> ${FW} -P forward DENY   # Forwarding policy: deny
SS> # Input Rules:
SS> # Loopback-interface (local access, eg, to local nameserver):
SS> ${ADD} input -j ACCEPT -s localhost/32 -d localhost/32
SS> # Local Ethernet-interface:
SS> # Redirect to Squid proxy server:
SS> ${ADD} input -p tcp -d 0/0 80 -j REDIRECT 3128
SS> # Accept packets from local network:
SS> ${ADD} input -j ACCEPT -s 202.xyx.xy.0/22 -d 0/0 -i eth0
SS> # Only required for other types of traffic (FTP, Telnet):
SS> # Forward localnet with masquerading (udp and tcp, no icmp!):
SS> ${ADD} forward -j MASQ -p tcp -s xyz.xyz.xy.0/22 -d 0/0
SS> ${ADD} forward -j MASQ -p udp -s xyz.xyz.xy.0/22 -d 0/0
 
SS> And access.log looked like this....
SS> -1770085401.880     19 202.153.32.250 NONE/400 1088 GET /omni - NONE/- -
SS> -1770085400.250     54 202.153.32.175 NONE/400 1122 GET /pgdownload/update.txt - NONE/- -
SS> -1770085400.785     16 202.153.32.163 NONE/400 1098 GET /feed/pg4/ - NONE/- -
SS> -1770085400.841     45 202.153.32.164 NONE/400 1132 GET /menu.off.off.separator.gif - NONE/- -
SS> -1770085400.851      8 202.153.32.163 NONE/400 1176 GET /us.yimg.com/a/ya/yahoo_anchor/bizmsgr_survey.gif - NONE/- -
SS> -1770085399.087     67 202.153.32.164 NONE/400 1110 GET /menu.off.bg.gif - NONE/- -
SS> -1770085399.320     66 202.153.32.164 NONE/400 1112 GET /menu.off.end.gif - NONE/- -
SS> -1770085399.414     54 202.153.32.163 NONE/400 1126 GET /imip/imip_services.html - NONE/- -
SS> -1770085399.469     42 202.153.32.163 NONE/400 1182 GET /us.yimg.com/i/mesg/insider/messenger_headlines2.jpg - NONE/- -
SS> -1770085399.523     32 202.153.32.163 NONE/400 1132 GET /us.yimg.com/i/yi/line1.gif - NONE/- -
SS> -1770085399.554     19 202.153.32.164 NONE/400 1100 GET /spacer.gif - NONE/- -
SS> -1770085399.576     21 202.153.32.163 NONE/400 1140 GET /us.yimg.com/i/yi/masthead3.gif - NONE/- -
SS> -1770085399.798    102 202.153.32.175 NONE/400 1116 POST /cgi-bin/folder.cgi - NONE/- -
SS> -1770085399.902     12 202.153.32.164 NONE/400 1094 GET /f.s.gif - NONE/- -
SS> -1770085399.991     54 202.153.32.163 NONE/400 1120 GET /sms/smscarriers.html - NONE/- -
SS> -1770085398.172     66 202.153.32.164 NONE/400 1110 GET /menu.end.bg.gif - NONE/- -
SS> -1770085398.400     60 202.153.32.164 NONE/400 1106 GET /hmhome.tl.gif - NONE/- -
SS> -1770085398.628     60 202.153.32.164 NONE/400 1104 GET /hmhome.m.gif - NONE/- -
SS> -1770085398.838     65 202.153.32.164 NONE/400 1116 GET /icon_checkmark.gif - NONE/- -
SS> -1770085397.091     90 202.153.32.164 NONE/400 1363 GET /l/redirlog/hmhinbox?url=http%3a%2f%2flw7fd%2elaw7%2ehotmail%2emsn%2ecom/cgi-bin/HoTMaiL?curmbox=F000000001&a=849003c03f5163ee2b185880fda1c697 - NONE/- -
SS> -1770085396.188     60 202.153.32.164 NONE/400 1080 GET / - NONE/- -
SS> -1770085395.032     43 202.153.32.163 NONE/400 1170 GET /us.yimg.com/i/mesg/insider/suitcase_large.gif - NONE/- -
SS> -1770085395.098     42 202.153.32.163 NONE/400 1162 GET /us.yimg.com/i/mesg/insider/astrology1.gif - NONE/- -
SS> -1770085395.568     12 202.153.32.250 NONE/400 1088 GET /omni - NONE/- -
SS> -1770085395.584     16 202.153.32.163 NONE/400 1156 GET /us.yimg.com/i/mesg/insider/careers.gif - NONE/- -
SS> -1770085395.752     12 202.153.32.250 NONE/400 1088 GET /omni - NONE/- -
SS> -1770085394.334     72 202.153.32.163 NONE/400 1162 GET /messenger/client/??http://mail.yahoo.com/ - NONE/- -
SS> -1770085393.431     42 202.153.32.168 NONE/400 1102 GET /04n/020.jpg - NONE/- -
SS> -1770085391.456     31 202.153.32.164 NONE/400 1299 GET /cgi-bin/login.cgi?formname=general&login=sryerram&session_id=$1$D$.qum.NTTruaLbXTaNdxmS.&function_name=logout - NONE/- -
SS> -1770085389.704     90 202.153.32.175 NONE/400 1329 GET /search?q=cache:Fs2E4cefleAC:www.herts.ac.uk/ltdu/journal/technelogos.pdf+tips+for+selecting+logos+for+hospital+purpose&hl=en - NONE/- -
SS> -1770085388.059     37 202.153.32.163 NONE/400 1317 GET /svcs/mms/admain_img.asp?Version=4.5&Plcid=0409&CLCID=0409&BrandID=MSMSGS&country=IN&zip=&age=29&gender=F&random=320530 - NONE/- -
SS> -1770085388.764     12 202.153.32.250 NONE/400 1088 GET /omni - NONE/- -
SS> -1770085386.856    175 202.153.32.163 NONE/400 1321 GET /cgi-bin/getmsg?curmbox=F000000005&a=377def3321cebe9e83d4af6bcc2a0b01&msg=MSG1010068725.33&start=68
Received on Thu Jan 03 2002 - 23:45:33 MST
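
Added example, not part of the original messages: a small Python parser for Squid's native access.log format that counts, per client, the symptom visible in the quoted log (path-only URLs logged with status 400) and notes lines whose query string carries a login or session_id parameter, as one quoted line does. The sample lines, the 192.0.2.x addresses and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Squid native access.log: time elapsed client code/status bytes method URL ident hier type
LINE = re.compile(
    r'^(?P<ts>-?\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+'
    r'(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<type>\S+)$')
# Query parameters that should not end up in a log pasted to a public list
SENSITIVE = re.compile(r'[?&](?:login|session_id)=', re.IGNORECASE)

# Constructed sample lines (documentation addresses), shaped like the quoted log
SAMPLE = """\
-1770085401.880     19 192.0.2.10 NONE/400 1088 GET /omni - NONE/- -
-1770085400.785     16 192.0.2.11 NONE/400 1098 GET /feed/pg4/ - NONE/- -
-1770085391.456     31 192.0.2.10 NONE/400 1299 GET /cgi-bin/login.cgi?login=user1&session_id=PLACEHOLDER - NONE/- -
1010123456.100    250 192.0.2.12 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/example.com text/html
-1770085386.856    175 192.0.2.11 NONE/400 1321 GET /cgi-bin/getmsg?start=68
"""

def summarize(text):
    """Return (path-only 400s per client, other parsed lines, sensitive hits, unparsed lines)."""
    rejected, other, sensitive, unparsed = Counter(), 0, 0, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:            # truncated or wrapped line: report it, do not guess
            unparsed.append(line)
            continue
        if SENSITIVE.search(m['url']):
            sensitive += 1
        # A proxy request normally carries an absolute URL; a bare path means the
        # request was written for an origin server.
        if m['url'].startswith('/') and m['status'] == '400':
            rejected[m['client']] += 1
        else:
            other += 1
    return rejected, other, sensitive, unparsed

if __name__ == '__main__':
    rejected, other, sensitive, unparsed = summarize(SAMPLE)
    for client, n in rejected.most_common():
        print(f'{client}: {n} path-only request(s) answered 400')
    print(f'other parsed lines: {other}, lines with login/session_id: {sensitive}, '
          f'unparsed: {len(unparsed)}')
```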
