Re: [squid-users] Squid as gateway
Hey,

Let's split the scenario into two different issues:
- interception
- routing

Since the squidbox is a router you need to first enable it to be a router and also to do NAT for DNS and other services to work.
This means that the MASQUERADE rule is fine, but you should limit it only to the specific outgoing interface of the WAN side, i.e. ens192.
And you should define the right iptables rules for the intercept, i.e.:

This is wrong:

 pkts bytes target     prot opt in  out  source          destination
    0     0 ACCEPT     tcp  --  *   *    192.168.1.20    0.0.0.0/0      tcp dpt:80
    0     0 DNAT       tcp  --  *   *    0.0.0.0/0       0.0.0.0/0      tcp dpt:80 to:192.168.1.20:3129

Please post the complete "iptables-save" output so I would be able to see what I'm suspecting.

Technically what you should have in the nat table is the next rule:

iptables -t nat -A PREROUTING -i ens192 -p tcp --dport 80 -j REDIRECT --to-port 3129

Then you can try to see using "watch -d iptables -t nat -L -nv" if the rules are being "hit" by the counter.
If the rule doesn't catch the traffic it should be accounted at the POLICY ACCEPT rule.

Let me know if it helps,
Eliezer

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Friday, July 21, 2017 17:19
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid as gateway

Hi, and thanks

The ROUTERWIFI is a TpLink TL-WR940N. I don't see in this router any NAT option :-(

This is the router table of the SquidBox

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         10.1.158.1      0.0.0.0         UG    0      0   0   ens192
10.1.158.0      0.0.0.0         255.255.255.0   U     0      0   0   ens192
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   ens160
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   ens192
192.168.0.0     192.168.1.40    255.255.255.0   UG    0      0   0   ens160
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   ens160
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0   0   ens160
192.168.6.0     192.168.1.1     255.255.255.0   UG    0      0   0   ens160

If I enable ipv4 forwarding in SquidBox, the clients of the ROUTERWIFI can access the internet, so I think the router table is ok.
The clients can go to the internet, but just because ipv4 forwarding is enabled (the squid service is not getting anything, I don't see anything in the access.log...).
If I disable ipv4 forwarding the clients don't go anywhere.

This is iptables

[root@squid ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 383 packets, 42336 bytes)
 pkts bytes target     prot opt in  out  source          destination
    0     0 ACCEPT     tcp  --  *   *    192.168.1.20    0.0.0.0/0      tcp dpt:80
    0     0 DNAT       tcp  --  *   *    0.0.0.0/0       0.0.0.0/0      tcp dpt:80 to:192.168.1.20:3129

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination
    0     0 MASQUERADE all  --  *   *    0.0.0.0/0       0.0.0.0/0

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-as-gateway-tp4683022p4683200.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
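Added example (not part of the thread or of Squid's documentation): the counter check described in the reply above, written as a shell function that reads `iptables -t nat -L -nv` output and reports whether a REDIRECT/DNAT rule for the intercept port is matching packets or traffic is falling through to the PREROUTING policy. The function names, the result labels and the sample listing (constructed from the one posted in the thread) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: decide from `iptables -t nat -L -nv` output whether the
# intercept rule is being hit. Names and result labels are hypothetical.

# Constructed sample, modelled on the PREROUTING listing posted in the thread.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 383 packets, 42336 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0            tcp dpt:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.1.20:3129

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# diagnose_intercept PORT   (nat table listing on stdin)
# Prints one of:
#   HIT     a REDIRECT/DNAT rule to PORT in PREROUTING has a non-zero counter
#   MISS    such a rule exists with a zero counter while packets were
#           accounted to the chain policy (traffic is bypassing the rule)
#   IDLE    the rule exists but no packets have traversed the chain yet
#   ABSENT  no REDIRECT/DNAT rule in PREROUTING targets PORT
diagnose_intercept() {
    awk -v port="$1" '
        /^Chain / {
            # Only the PREROUTING chain is relevant for interception.
            inpre = ($2 == "PREROUTING")
            if (inpre)
                for (i = 3; i <= NF; i++)
                    if ($i == "packets,") policy = $(i - 1)
            next
        }
        # Rule lines: $1 = pkts, $2 = bytes, $3 = target.
        # Counters may carry K/M suffixes, so compare as strings against "0".
        inpre && ($3 == "REDIRECT" || $3 == "DNAT") &&
            $0 ~ ("(redir ports |to:[0-9.]*:)" port " *$") {
            found = 1
            if ($1 != "0") hit = 1
        }
        END {
            if (!found)                              print "ABSENT"
            else if (hit)                            print "HIT"
            else if (policy != "" && policy != "0")  print "MISS"
            else                                     print "IDLE"
        }'
}

# Live use (as root): iptables -t nat -L -nv | diagnose_intercept 3129
sample_listing | diagnose_intercept 3129
```

On the listing from the thread this reports MISS: 383 packets were accounted to the PREROUTING policy while the DNAT rule to port 3129 stayed at zero.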
Re: [squid-users] Squid as gateway
Hi, and thanks

The ROUTERWIFI is a TpLink TL-WR940N. I don't see in this router any NAT option :-(

This is the router table of the SquidBox

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         10.1.158.1      0.0.0.0         UG    0      0   0   ens192
10.1.158.0      0.0.0.0         255.255.255.0   U     0      0   0   ens192
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   ens160
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   ens192
192.168.0.0     192.168.1.40    255.255.255.0   UG    0      0   0   ens160
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   ens160
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0   0   ens160
192.168.6.0     192.168.1.1     255.255.255.0   UG    0      0   0   ens160

If I enable ipv4 forwarding in SquidBox, the clients of the ROUTERWIFI can access the internet, so I think the router table is ok.
The clients can go to the internet, but just because ipv4 forwarding is enabled (the squid service is not getting anything, I don't see anything in the access.log...).
If I disable ipv4 forwarding the clients don't go anywhere.

This is iptables

[root@squid ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 383 packets, 42336 bytes)
 pkts bytes target     prot opt in  out  source          destination
    0     0 ACCEPT     tcp  --  *   *    192.168.1.20    0.0.0.0/0      tcp dpt:80
    0     0 DNAT       tcp  --  *   *    0.0.0.0/0       0.0.0.0/0      tcp dpt:80 to:192.168.1.20:3129

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source          destination
    0     0 MASQUERADE all  --  *   *    0.0.0.0/0       0.0.0.0/0
Re: [squid-users] Squid as gateway
On 21/07/17 07:07, erdosain9 wrote:
> Hi, and thank you all.
> Well this is the diagram.
>
> INTERNET
> +
> +
> FIREWALL (10.1.158.1/24)
> +
> +
> +
> SQUID (2 interfaces) 10.1.158.2/24 192.168.1.20/24

This machine called SQUID needs to be configured as a router. You mentioned the GW route for the device below, but what are the two GW routes (10/8 gw ??? , and 192.168/16 gw ???) this SQUID machine should have?

> +
> +
> ROUTERWIFI( WANstatic ip 192.168.1.40/24 gw 192.168.1.20) LAN 192.168.0.1/24)

That looks okay. But double-check that this machine is *NOT* performing NAT on any of the outgoing packets sent to 192.168.1.20.

> squid config:
>
> acl red1 src 192.168.1.0/24

That permits the ROUTERWIFI machine to send traffic from itself (only) to Squid. Such traffic should be an extreme rarity - usually just you testing HTTP connectivity from that machine manually.

This Squid should be expecting to receive traffic from 192.168.0.0/24 machines. If you do not change this I expect you will start to see DENIED lines being logged by Squid when you fix the packet arrival problem.

> acl SSL_ports port 443
> acl SSL_ports port 8443
> acl SSL_ports port 8080
> acl SSL_ports port 2
> acl SSL_ports port 1
> acl SSL_ports port 2083
> acl Safe_ports port 631         # httpCUPS
> acl Safe_ports port 85
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 8443        # httpsalt
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl Safe_ports port 8080        # edesur and others

NP: those 8080 and 8443 are included in the 1025-65535 entry above.

> #
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> http_access allow localhost
> http_access allow red1
> # And finally deny all other access to this proxy
> http_access deny all
> # Squid normally listens to port 3128
> http_port 192.168.1.20:3128
> http_port 192.168.1.20:3129 intercept

You should not have to specify any IP address here. eg.

 http_port 3128
 http_port 3129 intercept

Squid will then be able to receive the NAT'd traffic no matter what system NAT rules contain.

...
> #Your refresh_pattern
> refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

NP: ignore-no-cache is no longer existing.

SECURITY WARNING: using ignore-no-store for images will cache Captcha images, user avatar icons, personal content from private accounts (think snapchat and facebook photos type of stuff).

ignore-private is not so bad in the latest Squid releases as it used to be, but it will not cause much of a HIT ratio increase over default behaviour either.

> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
> dns_nameservers 8.8.8.8 8.8.4.4

Use of 8.8.8.8 and 8.8.4.4 in a Squid which is intercepting traffic causes a lot of problems - mostly in the form of "Host verify" security alerts and major reduction in HTTP traffic caching.

To work around those problems you need a local DNS server which both your client machines and Squid use for recursive resolving. That DNS server can use 8.8.8.8 and 8.8.4.4 as its upstream forwarders if you actually still need it - having your own local resolver pretty much obsoletes all the benefits 8.8.8.8 claims to provide.

> ---
> I probe this, nothing work..
> -
> iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20:3129
> iptables -t nat -A POSTROUTING -j MASQUERADE
> iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
>
> iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3129
> iptables -t nat -A POSTROUTING -j MASQUERADE
> iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
Re: [squid-users] Squid as gateway
>> ROUTERWIFI( WANstatic ip 192.168.1.40/24 gw 192.168.1.20) LAN 192.168.0.1/24)

Is it mikrotik or other? Specify pls.
Re: [squid-users] Squid as gateway
Hi, and thank you all.
Well this is the diagram.

INTERNET
+
+
FIREWALL (10.1.158.1/24)
+
+
+
SQUID (2 interfaces) 10.1.158.2/24 192.168.1.20/24
+
+
+
ROUTERWIFI( WANstatic ip 192.168.1.40/24 gw 192.168.1.20) LAN 192.168.0.1/24)

squid config:

acl red1 src 192.168.1.0/24

acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 2
acl SSL_ports port 1
acl SSL_ports port 2083
acl Safe_ports port 631         # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 8443        # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080        # edesur and others
acl CONNECT method CONNECT

#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow red1
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 192.168.1.20:3128
http_port 192.168.1.20:3129 intercept

# Uncomment and adjust the following to add a disk cache directory.
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#Your refresh_pattern
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname squid.xx.lan

---
I probe this, nothing work..
-
iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20:3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP

iptables -t nat -A PREROUTING -s 192.168.1.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
---

A hand??
Thanks
Re: [squid-users] Squid as gateway
On 12/07/17 04:20, Rafael Akchurin wrote:
> Maybe this will be of any help -
> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html

erdosain9: the above should be what you need. If not, then you may still be distracted by thinking that Squid has any relevance to the "gateway".

What you need to start with is that the machine which will _later_ be running Squid - be _first_ set up as a gateway router on your network. That has nothing to do with Squid and the details should be available in any general networking sysadmin guide.

The key thing is that all your clients' traffic routing should be operational and going through that machine *before* you go anywhere near even installing Squid on that machine.

Only after that gateway is set up and operational do you install Squid and add the iptables bits to get the traffic into Squid. The Squid wiki examples are intended for use by someone already somewhat familiar with network configuration and wanting to do that extra step with the proxy.

The Diladele page(s) go through much more of the full process of setting up the gateway machine, but remember that most of what you are wanting is not about Squid at all - so don't skip parts thinking they are irrelevant to your proxy.

HTH
Amos
Re: [squid-users] Squid as gateway
Hey,

The text doesn't contain enough details to understand where squid is sitting in the network and how it all should work.
Please describe every IP address in the network and the network CIDRs.
What is the IP of the WANRouter and other components?

Eliezer

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Tuesday, July 11, 2017 16:35
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid as gateway

Hi, and thanks.
Maybe I don't explain well.
I just want this:

WanRouter---Squid-switch--PC

I want to declare in "PC" IP, MASK, AND GATEWAY, instead of the WanRouter, I want that PC have for gateway the ip of the Squid.

I do this by now.

sudo iptables -A PREROUTING -t nat -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

[root@squid ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source          destination
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:3128
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:80
ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source          destination
REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source          destination

iptables -t nat --line-numbers -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source          destination
1    REDIRECT   tcp  --  192.168.1.0/24  anywhere        tcp dpt:http redir ports 3128

And in squid.conf
I have
http 192.168.1.35:3128 intercept

But... this is not working... so
Can anyone give me a hand?

Thanks to all.
Re: [squid-users] Squid as gateway
Maybe this will be of any help - https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Tuesday, July 11, 2017 5:41 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid as gateway

Ok Yuri, I'm re re re reading... :-)

And probe another configs, like this
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
and nothing, I don't get where I fail.

Squid, it is config in interception mode.

cache.log
2017/07/11 14:15:43 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9
2017/07/11 14:15:43 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3129 remote=[::] FD 15 flags=41

So. yes, yes, I keep reading.
Re: [squid-users] Squid as gateway
Ok Yuri, I'm re re re reading... :-)

And probe another configs, like this
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
and nothing, I don't get where I fail.

Squid, it is config in interception mode.

cache.log
2017/07/11 14:15:43 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9
2017/07/11 14:15:43 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3129 remote=[::] FD 15 flags=41

So. yes, yes, I keep reading.
Re: [squid-users] Squid as gateway
Squid should be configured and built with interception support. Re-read more carefully.

11.07.2017 21:26, erdosain9 wrote:
> Thanks
> Yes, I'm looking the wiki and follow this
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
>
> And, it is not working. Nothing it is going to squid.
>
> I can go to internet because
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
> but, nothing through squid.
>
> What can be? Another wiki???
Re: [squid-users] Squid as gateway
Thanks
Yes, I'm looking the wiki and follow this
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

And, it is not working. Nothing it is going to squid.

I can go to internet because

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

but, nothing through squid.

What can be? Another wiki???
Re: [squid-users] Squid as gateway
Feel free to take a look inside wiki:

http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
http://wiki.squid-cache.org/ConfigExamples/Intercept

11.07.2017 19:35, erdosain9 wrote:
> Hi, and thanks.
> Maybe I don't explain well.
> I just want this:
>
> WanRouter---Squid-switch--PC
>
> I want to declare in "PC" IP, MASK, AND GATEWAY, instead of the WanRouter, I
> want that PC have for gateway the ip of the Squid.
>
> I do this by now.
>
> sudo iptables -A PREROUTING -t nat -s 192.168.1.0/24 -p tcp --dport 80 -j
> REDIRECT --to-port 3128
>
> [root@squid ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source          destination
> ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:3128
> ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:443
> ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:80
> ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0       state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0       0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0
> ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       state NEW tcp
> dpt:22
> REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with
> icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source          destination
> REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source          destination
>
>
> iptables -t nat --line-numbers -L
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source          destination
> 1    REDIRECT   tcp  --  192.168.1.0/24  anywhere        tcp
> dpt:http redir ports 3128
>
>
> And in squid.conf
> I have
> http 192.168.1.35:3128 intercept
>
> But... this is not working... so
> Can anyone give me a hand?
>
> Thanks to all.
Re: [squid-users] Squid as gateway
Hi, and thanks.
Maybe I don't explain well.
I just want this:

WanRouter---Squid-switch--PC

I want to declare in "PC" IP, MASK, AND GATEWAY, instead of the WanRouter, I want that PC have for gateway the ip of the Squid.

I do this by now.

sudo iptables -A PREROUTING -t nat -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

[root@squid ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source          destination
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:3128
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:80
ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0       0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0       0.0.0.0/0       state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source          destination
REJECT     all  --  0.0.0.0/0       0.0.0.0/0       reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source          destination

iptables -t nat --line-numbers -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source          destination
1    REDIRECT   tcp  --  192.168.1.0/24  anywhere        tcp dpt:http redir ports 3128

And in squid.conf
I have
http 192.168.1.35:3128 intercept

But... this is not working... so
Can anyone give me a hand?

Thanks to all.
Re: [squid-users] Squid as gateway
On 08/07/17 04:14, erdosain9 wrote:
> Hi.
> It's possible to put the squid server as gateway??? and config to ear in port 80 instead of 3128?
> This will work?

Yes. See <http://wiki.squid-cache.org/SquidFaq/ReverseProxy>. Like that page name, most of the documentation can be found by looking for the term "reverse proxy" rather than gateway.

Amos
[squid-users] Squid as gateway
Hi.
It's possible to put the squid server as gateway??? and config to ear in port 80 instead of 3128?
This will work?

Thanks to all.