I've got a squid cache server running on my firewall and I have transparent 
proxying working.

I've got all my clients set up _without_ an entry in the proxy server and I 
have an iptables PREROUTING rule set up to force forwarded HTTP requests to 
port 8080 on my firewall/gateway/squid server.  That works just fine.

Squid, however, doesn't seem to cache any data...specifically Microsoft updates.
I've got about 200 PCs going through this server and the requests to the MS update 
site are saturating my gateway to the internet.

If I force the clients to use the proxy via Tools, Internet Options, etc., then 
caching DOES occur.  However, I have so many mobile users that setting the 
proxy manually in IE isn't feasible (because that setting won't be valid when 
they leave my company).

Should I even expect transparent proxying to behave in the way that I want?

Thanks, Brian



iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080


/etc/squid/squid.conf:

acl BLOCK url_regex "/usr/local/squid/block.acl"
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl SSL_ports port 443 563
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl unknown  src 192.168.209.0/255.255.255.0
cache_dir ufs /usr/local/squid 1000 16 256
hierarchy_stoplist cgi-bin ?
http_access allow localhost
http_access allow manager localhost
http_access allow shop
http_access allow unknown 
http_access allow upstairs
http_access allow wireless
http_access allow xtek
http_access deny !Safe_ports
http_access deny BLOCK
http_access deny CONNECT !SSL_ports
http_access deny all
http_access deny manager
http_port 192.168.202.254:8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on 
httpd_accel_with_proxy on
icp_access allow all
log_fqdn on 
maximum_object_size 60240 KB
mime_table /usr/share/squid/mime.conf
no_cache deny QUERY
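
One way to check from Squid's access.log whether objects from a given site are actually being served from cache, as an added example that is not part of the original post. It assumes Squid's native log format; the log lines are constructed samples and the host names are placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
# The "?v=3" URLs match the posted QUERY acl, so "no_cache deny QUERY" keeps them out of the cache.
SAMPLE_LOG = """\
1066036250.603 912 192.168.209.15 TCP_MISS/200 4194304 GET http://updates.example.test/patch-a.cab - DIRECT/203.0.113.10 application/octet-stream
1066036260.120 35 192.168.209.16 TCP_HIT/200 4194304 GET http://updates.example.test/patch-a.cab - NONE/- application/octet-stream
1066036275.441 870 192.168.209.17 TCP_MISS/200 1048576 GET http://updates.example.test/detect.cab?v=3 - DIRECT/203.0.113.10 application/octet-stream
1066036280.002 850 192.168.209.18 TCP_MISS/200 1048576 GET http://updates.example.test/detect.cab?v=3 - DIRECT/203.0.113.10 application/octet-stream
1066036291.778 12 192.168.209.15 TCP_REFRESH_HIT/304 250 GET http://www.example.test/logo.gif - DIRECT/203.0.113.20 -
this line is truncated
"""

def parse_line(line):
    """Return (host, result_code, size) or None for a malformed or non-TCP line."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    code = fields[3].split("/", 1)[0]
    try:
        size = int(fields[4])
    except ValueError:
        return None
    host = urlsplit(fields[6]).hostname
    if host is None or not code.startswith("TCP_"):
        return None
    return host, code, size

def cache_stats(log_text):
    """Per destination host: requests, hits, bytes sent, bytes served from cache."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "bytes": 0, "hit_bytes": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not parse instead of aborting the run
        host, code, size = parsed
        entry = stats[host]
        entry["requests"] += 1
        entry["bytes"] += size
        if "HIT" in code:  # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
            entry["hits"] += 1
            entry["hit_bytes"] += size
    return dict(stats)

def byte_hit_ratio(entry):
    return entry["hit_bytes"] / entry["bytes"] if entry["bytes"] else 0.0

if __name__ == "__main__":
    for host, entry in sorted(cache_stats(SAMPLE_LOG).items()):
        print(f"{host}: {entry['hits']}/{entry['requests']} hits, byte hit ratio {byte_hit_ratio(entry):.0%}")
```

A byte hit ratio near zero for the update host, with the same URL logged as TCP_MISS for several clients, means the objects are not being stored at all rather than merely expiring.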


