On Tue, Dec 23, 2003 at 12:48:28AM +0800, smart penguin wrote: > > I have done this before, i have posted my complete network setup, as > well as my squid.conf. > > But just the same, i will do it again. > > Server : (RH9) ; external eth0=disabled, because im using a roaring-penguin setup on > adsl modem connected. > ; internal eth1=92.157.57.2, > ; i have flush all my iptables, hence, i have no implementation for > the firewalls. > ; im using port 3128 for squid.conf > ; i have allowed all connection. >
Okay, much better... So your Squid server is also your gateway. > #####Portion on my squid.conf for tranparent Proxy #### > http_port 3128 > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > So far, this is right out of the FAQ. But have you rebuilt Squid with the --enable-linux-netfilter option? I don't know if the binary packages for Squid on Red Hat 9 are built with this option enabled. Find the SRPM and check the spec file on it to be sure. Interception caching with Squid will not work on Linux 2.4 without this option enabled when it was built. > ##### ! End of configuration for transparent proxy ##### > > i have executed this command on my server : > > echo 1 > /proc/sys/net/ipv4/ip_forward > > and > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 > > And set all my workstation (192.157.57.x),automatically detect > setting. but still, all workstation could not browse the internet. You do not set your workstations to "automatically detect settings". If these are Windows boxes, that means they're going to use some strange broadcast protocol to figure out what cache server to use. Set them all to use no proxy, and assume they have a direct connection to the Internet. That's why it's called transparent proxying--your workstations have no idea that they're being proxied, and blithely assume that any port 80 connections they make to hosts on the Internet go straight to their targets. They have no idea that their gateway is actually silently redirecting their HTTP requests to a cache server, and the responses are coming from the cache. What comes up in your cache server access logs when you try to use your present setup? Are there any accesses at all? Here's another document that might be helpful: http://en.tldp.org/HOWTO/TransparentProxy.html By the way, why are you using 192.157.57.0/24? Why don't you use the RFC 1918-compliant 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8 private address space? -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
