Re: [squid-users] help with squid setup
On 26/05/11 20:48, Camilo Cadena wrote: hi, my name is Camilo and i'm just finish my quid configuration and iptables. the thing is, i have an ubuntu server 10.4 with squid in it and a router 3G. So, first i build my wifi network, after that i setup an ip static address for my server, and at the end i install squid. When i use an apple device (macbookpro, macbook, iphone, ipad etc) i can connect them to the wifi network and navigate the intertnet, but if i use any other device as client, like Samsung Galaxy or computer with windows i have no internet connection, so i have to open mozilla and give it the proxy ipaddress and port to use, 3128. The proxy server is transparent. Maybe you can help me, i don't understand the reason of this, all apple products works fine, but any other products don't. Thank you very much Camilo We are going to need details about what Squid configuration and iptables configuration you used. That might lead to other questions, but will be a start. Also, its best not to use the term transparent. There are many different and confusing meanings to the word. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
Re: [squid-users] help with squid setup
On 26/05/11 23:41, Camilo Cadena wrote: hi, the iptables configuration i'm using: snip iptables-t nat-P PREROUTING ACCEPT iptables-t nat-P POSTROUTING ACCEPT iptables-t nat-A POSTROUTING-s 192.168.1.0/24 -o eth0-j MASQUERADE snip You have nothing involving NAT interception for the proxy in there. Do the iptables and sysctl parts of this and it will start to use your Squid: http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat If you have new enough versions of Squid and OS you may be interested in http://wiki.squid-cache.org/Features/Tproxy4 which can handle IPv6 interception for all those modern devices. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
Re: [squid-users] help on squid setup
[...] I want to implement linux squid proxy server so that i have better controls that is ( time based restrictions , ip based restrictions and block certain web sites ) through squid ACLS I think i have to implement squid as a transparent proxy server with 2 lan cards on the squid server [...] Hi Simon, you should be able to do all this from within the router if it is a fairly good one The Cisco 88x and 89x series definitely do this very well and as for the 88x are ADSL capable! The 89x can be plugged into an ADSL modem or even Metro Ethernet solution or alternately backup line. http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml {for ACLs} Anyhow what I'm trying to say is that it should take off the load of adding extra machines and also reduce overall cost too. However if you must use a Squid solution then here are some places to start: http://www.visolve.com/squid/ http://www.squid-cache.org/Doc/config/ and some config examples here: http://wiki.squid-cache.org/ConfigExamples/ apologies for not being able to help further, however I only use squid as reverse proxy in my network environment :-) Hope this gets you started though! Regards, Kaya
Re: [squid-users] help on squid setup
Benedict simon wrote: Dear All, I have used Squid before but im little confused on as how to implement squid on the following setup current setup as follows DSL router with a public Ip for the WAN ( connection to the ISP) lan ip address on dsl router is 192.168.1.254 local network 192.168.100.0/24 right now the clients have the gateway as 192.168.1.254 and they are able to access internet fine I want to implement linux squid proxy server so that i have better controls that is ( time based restrictions , ip based restrictions and block certain web sites ) through squid ACLS I think i have to implement squid as a transparent proxy server with 2 lan cards on the squid server apprecite if someone could advise me as how to go about the setup or some links which do explain about the setup i like to implement thanks and regards simon All the easy ways: http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers Alternatively plug the users switch into one NIC and the DSL box into the second NIC. Setup the squid box as a full router gateway between the two sides, it can then do whatever NAT interception you need for the transparent interception, or simply firewall access or software/people which do not use the proxy gateway. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
Re: [squid-users] help on squid setup
Thanks guys, I really apprecite your quick reply i will try out your advices and check it out and Mr Kaya u dont have to apologize at all . I should be indeed so grateful to you that u spent your precious valuble time to read my mail n to reply to it. Thanks once again guys regards simon [...] I want to implement linux squid proxy server so that i have better controls that is ( time based restrictions , ip based restrictions and block certain web sites ) through squid ACLS I think i have to implement squid as a transparent proxy server with 2 lan cards on the squid server [...] Hi Simon, you should be able to do all this from within the router if it is a fairly good one The Cisco 88x and 89x series definitely do this very well and as for the 88x are ADSL capable! The 89x can be plugged into an ADSL modem or even Metro Ethernet solution or alternately backup line. http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml {for ACLs} Anyhow what I'm trying to say is that it should take off the load of adding extra machines and also reduce overall cost too. However if you must use a Squid solution then here are some places to start: http://www.visolve.com/squid/ http://www.squid-cache.org/Doc/config/ and some config examples here: http://wiki.squid-cache.org/ConfigExamples/ apologies for not being able to help further, however I only use squid as reverse proxy in my network environment :-) Hope this gets you started though! Regards, Kaya -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Network ADMIN - KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.