
I changed the iptables still no luck :( but I am using squid 3.3 only can I
didn't understand why you have configured 3129 ,3130 and 3128 port?

On Wed, Jun 3, 2015 at 1:04 PM, Klavs Klavsen <k...@vsen.dk> wrote:

> Your client needs to use your squid server as default gateway.
> And then you need the iptables rules I wrote about to direct traffic into
> squid for certain ports.
> Reet Vyas wrote on 06/03/2015 08:50 AM:
>> Hi
>> Thanks for reply. As of now we don't have router I have directly
>> connected my machine to internet and other to LAN and I have configured
>> client machine ubuntu to test squid which is in switch where other users
>> are connected using gateway of router
>> I read your valuable suggestions, but I still confused with IPtables and
>> squid 3.3 setting ,transparent and intercept options .
>> root@squid:/home/squid#   ip addr show
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>> group default
>>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>      inet <> scope host lo
>>         valid_lft forever preferred_lft forever
>>      inet6 ::1/128 scope host
>>         valid_lft forever preferred_lft forever
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP group default qlen 1000
>>      link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff
>>      inet 116.72.*.*/22 brd scope global eth0
>>         valid_lft forever preferred_lft forever
>>      inet6 fe80::21e:67ff:fecf:5974/64 scope link
>>         valid_lft forever preferred_lft forever
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP group default qlen 1000
>>      link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff
>>      inet <> brd
>> scope global eth1
>>         valid_lft forever preferred_lft forever
>>      inet6 fe80::21e:67ff:fecf:5975/64 scope link
>>         valid_lft forever preferred_lft forever
>> root@squid:/home/squid#  ip -4 route show
>> default via dev eth0
>> <> dev eth0  proto kernel  scope
>> link  src
>> <> dev eth1  proto kernel  scope
>> link  src
>> To use transparent/intercept what I have to set in my config file
>> http_port 3128 intercept or transparent
>> and Iptables rules , I have tried this rules
>> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
>> But not working
>> Can you please tell me the firewall rules and let me know why my
>> firewall rules are not working.
>> On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <k...@vsen.dk
>> <mailto:k...@vsen.dk>> wrote:
>>     Amos Jeffries wrote on 06/02/2015 04:34 PM:
>>         On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:
>>             I have this in my squid server for it to work:
>>         The key words there are ... *in my Squid server*
>>     indeed :)
>>         NOTE to Klavs:
>>             loading the "multiport" kernel module seems overkill for a
>>         single-port
>>         match.
>>     it's puppets firewall module.. haven't had enough time to fix that
>>     module :)
>>         FYI: DONT_VERIFY_PEER, "always_direct allow all", and
>>         "slproxy_cert_error allow all" have not been good ideas since 3.2.
>>         dont-verify actually inhibits the Mimic functions which give
>>         server-first bumping most of its usefulness.
>>     Thank you for those tips.
>>     --
>>     Regards,
>>     Klavs Klavsen, GSEC - k...@vsen.dk <mailto:k...@vsen.dk> -
>>     http://www.vsen.dk - Tlf. 61281200
>>     "Those who do not understand Unix are condemned to reinvent it,
>> poorly."
>>        --Henry Spencer
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users@lists.squid-cache.org
>>     <mailto:squid-users@lists.squid-cache.org>
>>     http://lists.squid-cache.org/listinfo/squid-users
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> --
> Regards,
> Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
> "Those who do not understand Unix are condemned to reinvent it, poorly."
>   --Henry Spencer
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
squid-users mailing list

Reply via email to