Squid transparent proxy

DutchDaemon said:
Search these forums for 'transparent proxy' ..

Hi Dutch, I've successfully installed my squid 3.0.14.tbz on my box. As I read in most of the forums, pf rules are needed to redirect the HTTP traffic. Do I need to install ports for pf again?

thanks
 
Hey guys, do you have any sample pf rdr config? :) Can you please post it here? I would say very much thanks if anyone can help me with a basic one.
 
Sure. On a router/gateway (not a bridge!):

Code:
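# Web ports to intercept (macro)
web="{80:83 1080 8080:8081 8088 11523}"
# Do not filter traffic on the loopback interface
set skip on lo0
# Redirect web traffic arriving on the internal interface to local port 3128 ($int_if must be defined as a macro)
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128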

On a bridge (bridge only!)
Code:
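# Web ports to intercept (macro)
web="{80:83 1080 8080:8081 8088 11523}"
# Do not filter traffic on the loopback interface
set skip on lo0
# Redirect web traffic arriving on $int_if to local port 3128
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
# Route the redirected packets to lo0 so they reach the local proxy instead of being bridged onward
pass in quick on $int_if route-to lo0 inet proto tcp from any to 127.0.0.1 port 3128 keep state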

The $web macro is an approximation. You can narrow it down to port 80 most of the time.

Do not transparently proxy https / port 443 traffic at any time!
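
The check below is an added example, not part of the original post: a small Python audit that expands pf macros and port ranges in a ruleset and reports any rdr rule that would send port 443 to the proxy, which the warning above rules out. The sample ruleset, the em1 interface name and the function names are constructed for illustration; it assumes numeric ports only (no service names or pf comparison operators).

```python
import re

# Constructed sample: the thread's router rules with 443 wrongly added to $web.
SAMPLE = '''
int_if="em1"
web="{80:83 443 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
'''

def expand_macros(text):
    """Substitute pf macros (name="value") into every $name reference."""
    macros = dict(re.findall(r'^[ \t]*(\w+)[ \t]*=[ \t]*"([^"]*)"', text, re.M))
    for _ in range(10):  # macros may reference other macros
        new = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)
        if new == text:
            break
        text = new
    return text

def port_set(spec):
    """Expand a numeric pf port spec such as '{80:83 1080}' or '80' into a set."""
    ports = set()
    for item in re.split(r'[\s,]+', spec.strip('{} ')):
        if not item:
            continue
        lo, _, hi = item.partition(':')  # 'lo:hi' is an inclusive range
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

# rdr ... to <addr> port <spec> -> <target> port <n>
RDR = re.compile(r'^[ \t]*rdr\b.*?\bto\s+\S+\s+port\s+(\{[^}]*\}|\S+)'
                 r'\s*->\s*(\S+)\s+port\s+(\d+)', re.M)

def audit(text, forbidden=(443,)):
    """Return (matched ports, target, forbidden ports hit) for each rdr rule."""
    findings = []
    for m in RDR.finditer(expand_macros(text)):
        ports = port_set(m.group(1))
        findings.append((sorted(ports), f"{m.group(2)}:{m.group(3)}",
                         sorted(ports & set(forbidden))))
    return findings

if __name__ == "__main__":
    for ports, target, hits in audit(SAMPLE):
        print(f"rdr -> {target}: {'FORBIDDEN ' + str(hits) if hits else 'ok'}")
```

Because ranges are expanded before the comparison, a rule such as `port 440:450` is reported even though the text "443" never appears in it.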
 
Hello Dutch, it's me again :)

I've already created a cache directory with 150 gig of space on my transparent proxy. The question is: how can I change the directory path to the cache partition?

thanks
 
I don't understand the question, I think. If you created a directory on your disc (preferably a mount point) and you want Squid to talk to it, set the proper 'cache_dir' in squid.conf (see /usr/local/etc/squid/squid.conf.default for examples), make sure the 'squid' directory is owned by user 'squid', and make sure you initialise it with # squid -z. I'm pretty sure this is covered in the documentation.
 
Ahhh, sorry Dutch for the bad explanation and sorry for my bad English. I mean I already created a cache directory mount point.

thanks and regards
 
DutchDaemon said:
Sure. On a router/gateway (not a bridge!):

Code:
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128

On a bridge (bridge only!)
Code:
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
pass in quick on $int_if route-to lo0 inet proto tcp from any to 127.0.0.1 port 3128 keep state

The $web macro is an approximation. You can narrow it down to port 80 most of the time.

Do not transparently proxy https / port 443 traffic at any time!

Hello Dutch, I have a question: is this kind of setup possible?
For example, the ISP provides me a public static IP, and that IP is assigned to my router.

ISP ----- (bridge only)Transparent squid ----- ROUTER(static public IP)

Will the public static IP pass through the bridge proxy?

A million thanks
 
The protocol spoken between the ISP and the router is probably not 'straight IP' (PPPoE, PPPoA, etc), in which case the bridge won't be able to intercept/redirect the traffic. I'd make sure the proxy is inside a 'regular IP' network, i.e. inside your network behind the router.
 
Hi DutchDaemon, sorry to come late, but I have the same problem. I want to make my proxy run as transparent, because when I put the IP in the browser it works perfectly but it is hard to manage.

So I see that there is a solution like that. I'm using ipfw; how can I do it?

Where do I write these lines?

Code:
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128

Regards,
chamba
 
You'll have to find the ipfw-equivalent syntax, because these lines are for pf. I'm sure Googling for 'ipfw transparent squid' will give you enough to read.
 