Hi Jose Noto,

Jose Noto wrote:
Good morning,

I am seting up a Transparent proxy using squid where we already have a proxy server provided by our ISP and I am having some troubles. If I congure in the browser connections my ISP proxy, internet is working fine but I am not using the transparent proxy (the proxy server doesn't log anything) and if I don't configure it I cannot see any website because I am not using the external proxy, but my squid server is working trying to resolve all the requests. How can I integrate my ISP proxy on the squid proxy server? Is there something to do with my iptables rules that should redirect to my ISP proxy server?

I am a little confused!

When you say your internal proxy server doesn't log anything and then you say that it is trying to resolve all the requests, what is that suppose to mean?


IMHO, you can accomplish the integrating of your internal transparent proxy with your ISP proxy in 2 steps:

client --> Internal transproxy (Gw) --> External ISP Proxy (Parent)

STEP 1:

You need to make your internal transproxy the gateway of your clients. Or redirect web requests from your router to your internal transparent proxy. I guess your internal Squid box has 2 network interfaces (eth0, eth1).

If this squid box also does NAT, then you will need the following script:

#!/bin/sh

#Define your network interfaces and network where
# eth0=Public Internet Interface
# eth1=Private Internal Interface
# Enable simple IP Forwarding

OUT_IF=eth0
INT_IF=eth1
OUT_IF_IP=Public.Static.IP.Address
INT_IF_NET=192.168.0.0/24

echo "1" >/proc/sys/net/ipv4/ip_forward

###Enable Network Address Translation

/sbin/iptables -t nat -A POSTROUTING -o $OUT_IF -s $INT_IF_NET -j SNAT --to-source $OUT_IF_IP

###Redirect web requests on port 80 to Squid port 3128. Intercepting.

/sbin/iptables -t nat -A PREROUTING -p tcp -s $INT_IF_NET --dport 80 -j REDIRECT --to-port 3128

#####End Of Script#######


STEP 2:

Configure your transparent/intercepting Squid to use your ISP proxy as it's parent. In your squid.conf, you need to add an entry something like the following:

cache_peer IP.Of.ISP.Proxy        parent   3128  0 default

Of course, you can use the hostname of your ISP's proxy instead of it's IP address.


Hope that will help you out.

Thanking you...


Many thanks.

Jose






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com

Reply via email to