| Author |
Message |
Crystal Akimoto
*nix forums beginner
Joined: 26 Jan 2007
Posts: 3
|
 Posted: Thu Feb 08, 2007 9:14 am Post subject:
help needed
Subject description: configuration file for squid.conf purposely for create transparent proxy
|
|
|
http_port 3128
icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 1000
mcast_icp_query_timeout 1000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 512 MB
cache_swap_low 80%
cache_swap_high 100%
maximum_object_size 8192 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 64 KB
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
cache_replacement_policy lru
cache_dir ufs /var/spool/squid 4096 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_ip_on_direct on
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
redirect_children 5
redirect_rewrites_host_header on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
negative_ttl 1 minutes
range_offset_limit 0 KB
half_closed_clients on
shutdown_lifetime 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl network src 10.207.161.230/23
acl to_localhost dst 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 25
acl Safe_ports port 995 # pop3
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost to _localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow network
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow network
icp_access allow all
visible_hostname myclient.hostname.com
http_port 80 vhost
http_port 3128 transparent
http_port 127.0.0.1:3128 transparent
#cache_peer
coredump_dir /var/spool/squid
guys the squid is failed to restart and even cant function at all.........help me!! correct me!! i am so headache and scare of it !! |
|
| Back to top |
|
 |
Crystal Akimoto
*nix forums beginner
Joined: 26 Jan 2007
Posts: 3
|
| Posted: Fri Feb 02, 2007 4:44 am Post subject:
|
|
|
| Code: | | http_port 3128 transparent |
thanks, I get it running but do you know about how to configure the iptables?
the prerouting is keeping problems and makes the iptables cannot running...... |
|
| Back to top |
|
|
mihai
*nix forums addict
Joined: 27 Jan 2005
Posts: 71
|
| Posted: Fri Jan 26, 2007 4:52 pm Post subject:
|
|
|
All those configuration options that you used were defined only in squid 2.5. for squid 2.6 all you have to use just one option, something like :
| Code: | | http_port 3128 transparent |
should do it.
Of course squid still has to be compiled with support for transparent proxy with iptables ( netfilter ) |
|
| Back to top |
|
|
Crystal Akimoto
*nix forums beginner
Joined: 26 Jan 2007
Posts: 3
|
Posted: Fri Jan 26, 2007 5:58 am Post subject:
transparent proxy
Subject description: link squid, squidGuard and iptables
|
|
|
Hi, I just started to explore how to build a transparent proxy into Fedora Core 6 OS.
First, I faced a few problems inside httpd_accelerator options in squid which keep parsing unregonized warning as below:
2007/01/26 13:46:27| parseConfigFile: line 41 unrecognized: 'httpd_accel_host virtual'
2007/01/26 13:46:27| parseConfigFile: line 42 unrecognized: 'httpd_accel_port 80'
2007/01/26 13:46:27| parseConfigFile: line 43 unrecognized: 'httpd_accel_with_proxy on'
2007/01/26 13:46:27| parseConfigFile: line 44 unrecognized: 'httpd_accel_uses_host_header on'
I totally freak out why it cannot works!! Please help to correct me isn't I done something incorrect in command lines?
Second, I can't link the squidGuard with squid.... Is it, there is any configuration that need to change inside squd.conf? and the squidGuard redirect pages is it locate inside our localhost and works if the blacklists sites blocked?
Third, the IPtables that which i had link with squid v2.6 using
-A PREROUTING -i "eth1" -p tcp –dport 80 -j DNAT –to 192.168.0.5:3128
-A PREROUTING -i "eth0" -p tcp –dport 80 -j REDIRECT –to-port 3128
Is it a correct configuration that I need to do ? |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Squid
