Hi Jose Noto,
Jose Noto wrote:
Good morning,
I am seting up a Transparent proxy using squid where we already have a
proxy server provided by our ISP and I am having some troubles. If I
congure in the browser connections my ISP proxy, internet is working
fine but I am not using the transparent proxy (the proxy server doesn't
log anything) and if I don't configure it I cannot see any website
because I am not using the external proxy, but my squid server is
working trying to resolve all the requests. How can I integrate my ISP
proxy on the squid proxy server? Is there something to do with my
iptables rules that should redirect to my ISP proxy server?
I am a little confused!
When you say your internal proxy server doesn't log anything and then
you say that it is trying to resolve all the requests, what is that
suppose to mean?
IMHO, you can accomplish the integrating of your internal transparent
proxy with your ISP proxy in 2 steps:
client --> Internal transproxy (Gw) --> External ISP Proxy (Parent)
STEP 1:
You need to make your internal transproxy the gateway of your clients.
Or redirect web requests from your router to your internal transparent
proxy. I guess your internal Squid box has 2 network interfaces (eth0,
eth1).
If this squid box also does NAT, then you will need the following script:
#!/bin/sh
#Define your network interfaces and network where
# eth0=Public Internet Interface
# eth1=Private Internal Interface
# Enable simple IP Forwarding
OUT_IF=eth0
INT_IF=eth1
OUT_IF_IP=Public.Static.IP.Address
INT_IF_NET=192.168.0.0/24
echo "1" >/proc/sys/net/ipv4/ip_forward
###Enable Network Address Translation
/sbin/iptables -t nat -A POSTROUTING -o $OUT_IF -s $INT_IF_NET -j SNAT
--to-source $OUT_IF_IP
###Redirect web requests on port 80 to Squid port 3128. Intercepting.
/sbin/iptables -t nat -A PREROUTING -p tcp -s $INT_IF_NET --dport 80 -j
REDIRECT --to-port 3128
#####End Of Script#######
STEP 2:
Configure your transparent/intercepting Squid to use your ISP proxy as
it's parent. In your squid.conf, you need to add an entry something like
the following:
cache_peer IP.Of.ISP.Proxy parent 3128 0 default
Of course, you can use the hostname of your ISP's proxy instead of it's
IP address.
Hope that will help you out.
Thanking you...
Many thanks.
Jose
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com