Hi Thanks for reply. As of now we don't have router I have directly connected my machine to internet and other to LAN and I have configured client machine ubuntu to test squid which is in switch where other users are connected using gateway of router 192.168.0.1.
I read your valuable suggestions, but I still confused with IPtables and squid 3.3 setting ,transparent and intercept options . root@squid:/home/squid# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21e:67ff:fecf:5974/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff inet 192.168.0.200/24 brd 192.168.0.255 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::21e:67ff:fecf:5975/64 scope link valid_lft forever preferred_lft forever root@squid:/home/squid# ip -4 route show default via 116.72.152.1 dev eth0 116.72.152.0/22 dev eth0 proto kernel scope link src 116.72.152.37 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.200 To use transparent/intercept what I have to set in my config file http_port 3128 intercept or transparent and Iptables rules , I have tried this rules http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect But not working Can you please tell me the firewall rules and let me know why my firewall rules are not working. On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <k...@vsen.dk> wrote: > Amos Jeffries wrote on 06/02/2015 04:34 PM: > >> On 3/06/2015 1:20 a.m., Klavs Klavsen wrote: >> >>> I have this in my squid server for it to work: >>> >> >> The key words there are ... *in my Squid server* >> >> indeed :) > > >> NOTE to Klavs: >> loading the "multiport" kernel module seems overkill for a single-port >> match. >> >> it's puppets firewall module.. haven't had enough time to fix that > module :) > > >> FYI: DONT_VERIFY_PEER, "always_direct allow all", and >> "slproxy_cert_error allow all" have not been good ideas since 3.2. >> dont-verify actually inhibits the Mimic functions which give >> server-first bumping most of its usefulness. >> >> Thank you for those tips. > > -- > Regards, > Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 > > "Those who do not understand Unix are condemned to reinvent it, poorly." > --Henry Spencer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users