----- Original Message -----
From: Rafael 'Dido' Sevilla <[EMAIL PROTECTED]>
Date: Tue, 23 Dec 2003 17:59:13 +0800
To: Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]>
Subject: Re: [plug] Transparent Proxy (desperate to implement)

> On Tue, Dec 23, 2003 at 12:48:28AM +0800, smart penguin wrote:
> >
> > I have done this before, I have posted my complete network setup, as
> > well as my squid.conf.
> >
> > But just the same, I will do it again.
> >
> > Server : (RH9) ; external eth0=disabled, because I'm using a roaring-penguin setup
> > on adsl modem connected.
> > ; internal eth1=92.157.57.2,
> > ; I have flushed all my iptables, hence, I have no implementation for
> > the firewalls.
> > ; I'm using port 3128 for squid.conf
> > ; I have allowed all connections.
> >
>
> Okay, much better... So your Squid server is also your gateway.
>
> > #####Portion on my squid.conf for transparent Proxy ####
> > http_port 3128
> > httpd_accel_host virtual
> > httpd_accel_port 80
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
>
> So far, this is right out of the FAQ. But have you rebuilt Squid with
> the --enable-linux-netfilter option? I don't know if the binary
> packages for Squid on Red Hat 9 are built with this option enabled.
> Find the SRPM and check the spec file on it to be sure. Interception
> caching with Squid will not work on Linux 2.4 without this option
> enabled when it was built.

I have read in some documents found through Google that the Squid that comes with Red Hat 9 is already netfilter-enabled. However, assuming that presumption is not correct, I don't know how to do this.

> > ##### ! End of configuration for transparent proxy #####
> >
> > I have executed this command on my server :
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > and
> >
> > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
> >
> > And set all my workstations (192.157.57.x) to automatically detect
> > settings. But still, all workstations could not browse the internet.
>
> You do not set your workstations to "automatically detect settings". If
> these are Windows boxes, that means they're going to use some strange
> broadcast protocol to figure out what cache server to use. Set them all
> to use no proxy, and assume they have a direct connection to the
> Internet. That's why it's called transparent proxying--your
> workstations have no idea that they're being proxied, and blithely
> assume that any port 80 connections they make to hosts on the Internet
> go straight to their targets. They have no idea that their gateway is
> actually silently redirecting their HTTP requests to a cache server, and
> the responses are coming from the cache.
>
> What comes up in your cache server access logs when you try to use your
> present setup? Are there any accesses at all?

So far, as a layman, I can read that all sites can be accessed. I don't know how I can send you the complete log file, should you want me to publish it.

> Here's another document that might be helpful:
>
> http://en.tldp.org/HOWTO/TransparentProxy.html
>
> By the way, why are you using 192.157.57.0/24? Why don't you use the
> RFC 1918-compliant 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8 private
> address space?

Well, I did at first use (192.168.0.0/16), but I like any number that ends with 7.

And finally, Merry Christmas to you and to the rest of PLUG.

jeremy ignacio

>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
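
The three checks raised in this thread (Squid built with --enable-linux-netfilter, the REDIRECT rule on the internal interface, and LAN clients showing up in access.log), as an added example that is not part of the original messages. It assumes `squid -v` prints the configure options, that the NAT rules are read in `iptables-save` format, and that access.log uses Squid's native layout; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the interception setup discussed in this thread.
# Each function reads saved command output on stdin. Sample data is constructed.

# True if `squid -v` output lists the netfilter build option.
squid_has_netfilter() {
    grep -q -- '--enable-linux-netfilter'
}

# True if `iptables-save -t nat` output redirects TCP port 80 arriving on
# interface $1 to local port $2.
has_redirect_rule() {
    awk -v ifc="$1" -v port="$2" '
        /^-A PREROUTING / && /-p tcp/ && /--dport 80( |$)/ && /-j REDIRECT/ {
            if ($0 ~ ("-i " ifc "( |$)") && $0 ~ ("--to-ports? " port "( |$)")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Count requests in a native-format Squid access.log whose client address
# (third field) starts with prefix $1. Zero means nothing is being intercepted.
count_lan_requests() {
    awk -v pfx="$1" 'index($3, pfx) == 1 { n++ } END { print n + 0 }'
}

# Constructed sample inputs (not from the poster's server).
SAMPLE_SQUID_V='Squid Cache: Version X.Y (constructed)
configure options: --prefix=/usr --enable-linux-netfilter'
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'
SAMPLE_LOG='1072173553.120 210 192.157.57.10 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1072173560.004 3 192.157.57.11 TCP_HIT/200 4312 GET http://example.com/ - NONE/- text/html
1072173561.500 12 127.0.0.1 TCP_MISS/200 512 GET http://example.org/ - DIRECT/192.0.2.20 text/html'

printf '%s\n' "$SAMPLE_SQUID_V" | squid_has_netfilter && echo "netfilter build option: present"
printf '%s\n' "$SAMPLE_NAT" | has_redirect_rule eth1 3128 && echo "REDIRECT rule: present"
echo "LAN requests logged: $(printf '%s\n' "$SAMPLE_LOG" | count_lan_requests 192.157.57.)"
# On a live gateway: squid -v | squid_has_netfilter
#                    iptables-save -t nat | has_redirect_rule eth1 3128
```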
