[squid-users] Trying to setup a Proxy server - on local machine

From: O.R.Senthil Kumaran <orsenthil_at_gmail.com>
Date: Sat, 16 Aug 2008 10:10:08 +0530

Hello,
I have a machine which connects directly to internet using ADSL Modem.
Operating System is Fedora Core 2.
I want to setup a squid proxy server to test certain scenarios for a
bug-fix I am working on.
Squid version in my system is Version 2.5.STABLE6

Following is my squid configuration:

----
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
client_netmask 255.255.255.0
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
acl intranet src 192.168.1.0/24
cache_dir null /tmp
http_access allow intranet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
icp_access allow all
visible_hostname goofy.goofy.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
---
With this configuration, I am able to Proxy + Cache the requests when
Browser is set to goofy.goofy.com:3128 ( My local machine, that is the
same machine).
But my problem is, I am able to directly connect to Internet also.
BOTH are working!
I want the connection to Internet happen only through Proxy. I don't
want Direct Internet connection to work. How do I do that?
I also tried the suggestions with iptables mentioned here:
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
But that did not help.
Any suggestions?
Thanks,
Senthil
Received on Sat Aug 16 2008 - 04:40:17 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 16 2008 - 12:00:03 MDT