Transparent proxy with squid 3.1 on RHEL 6
13,979
Solution 1
Put this in your squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# acl lan src 192.168.1.1 192.168.2.0/24 # configure this for your lan settings
http_access allow localhost
http_access allow lan
and make sure you have setup the iptables on your squid server.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
For more find out HOWTO at http://tldp.org/HOWTO/TransparentProxy.html
Solution 2
dns_nameservers 182.190.0.21 182.176.39.17 192.168.1.100
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
#acl M1 arp 00:18:8B:28:DD:7F
#acl M2 arp 00:21:9b:d3:d8:de
#http_access allow M1
#http_access allow M2
#http_access deny all
#http_port 80
#httpd_accel_host 127.0.0.1
#http_accel_port 80
http_port 80 accel defaultsite=proxy.shancomputers.com vhost
forwarded_for on
#httpd_accel_single_host on
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header off
icp_access allow all
#cache_peer 127.0.0.1 parent 3128 0 no-query default
acl web_ports port 80
http_access allow web_ports
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
hierarchy_stoplist cgi-bin ?
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
#upgrade_http0.9 deny shoutcast
#acl all src all
unique_hostname proxy.shancomputers.com
visible_hostname proxy.shancomputers.com
cache_mgr [email protected]
acl dp url_regex -i \.mp3$ \.wmv$ \.avi$ \.wma$ \.mpe?g$
acl dp1 rep_mime_type video/flv
acl youtube dstdomain .youtube.com
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 192.168.1.0/24
acl MSN_methods method CONNECT
acl numconn maxconn 6
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl POST method POST
acl CONNECT method CONNECT
acl GET method GET
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl QUERY urlpath_regex cgi-bin \?
#---------------------------------------------------------------------
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
http_access allow MSN_methods MSN_ports MSN_hosts
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.1:3128 transparent
#http_port 192.168.1.1:8080 transparent
#---------------------------------------------------------------------
#memory_cache_mode always
acl FTP proto FTP
always_direct allow FTP
miss_access allow all
#--------------------------------------------------------------------
cache_store_log /var/log/squid/store.log
no_cache deny QUERY
no_cache deny POST
#---------------------------------------------------------------------
request_header_max_size 100 MB
maximum_object_size 96 MB
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 9999 99% 99990 override-expire reload-into-ims override-lastmod
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2
refresh_pattern \? 1 20% 2
refresh_pattern \.gif$ 10080 90% 43200
refresh_pattern \.jpg$ 10080 90% 43200
refresh_pattern \.bom\.gov\.au 30 20% 120
refresh_pattern \.html$ 480 50% 22160
refresh_pattern \.htm$ 480 50% 22160
refresh_pattern \.class$ 10080 90% 43200
refresh_pattern \.zip$ 10080 90% 43200
refresh_pattern \.jpeg$ 10080 90% 43200
refresh_pattern \.mid$ 10080 90% 43200
refresh_pattern \.shtml$ 480 50% 22160
refresh_pattern \.exe$ 10080 90% 43200
refresh_pattern \.thm$ 10080 90% 43200
refresh_pattern \.wav$ 10080 90% 43200
refresh_pattern \.txt$ 10080 90% 43200
refresh_pattern \.cab$ 10080 90% 43200
refresh_pattern \.au$ 10080 90% 43200
refresh_pattern \.mov$ 10080 90% 43200
refresh_pattern \.xbm$ 10080 90% 43200
refresh_pattern \.ram$ 10080 90% 43200
refresh_pattern \.avi$ 10080 90% 43200
refresh_pattern \.chtml$ 480 50% 22160
refresh_pattern \.thb$ 10080 90% 43200
refresh_pattern \.dcr$ 10080 90% 43200
refresh_pattern \.bmp$ 10080 90% 43200
refresh_pattern \.phtml$ 480 50% 22160
refresh_pattern \.mpg$ 10080 90% 43200
refresh_pattern \.pdf$ 10080 90% 43200
refresh_pattern \.swf$ 10080 90% 43200
refresh_pattern \.mp3$ 10080 90% 43200
refresh_pattern \.ra$ 10080 90% 43200
refresh_pattern \.spl$ 10080 90% 43200
refresh_pattern \.viv$ 10080 90% 43200
refresh_pattern \.doc$ 10080 90% 43200
refresh_pattern \.gz$ 10080 90% 43200
refresh_pattern \.Z$ 10080 90% 43200
refresh_pattern \.tgz$ 10080 90% 43200
refresh_pattern \.tar$ 10080 90% 43200
refresh_pattern \.vrm$ 10080 90% 43200
refresh_pattern \.vrml$ 10080 90% 43200
refresh_pattern \.aif$ 10080 90% 43200
refresh_pattern \.aifc$ 10080 90% 43200
refresh_pattern \.aiff$ 10080 90% 43200
refresh_pattern \.arj$ 10080 90% 43200
refresh_pattern \.c$ 10080 90% 43200
refresh_pattern \.cpt$ 10080 90% 43200
refresh_pattern \.dir$ 10080 90% 43200
refresh_pattern \.dxr$ 10080 90% 43200
refresh_pattern \.hqx$ 10080 90% 43200
refresh_pattern \.jpe$ 10080 90% 43200
refresh_pattern \.lha$ 10080 90% 43200
refresh_pattern \.lzh$ 10080 90% 43200
refresh_pattern \.midi$ 10080 90% 43200
refresh_pattern \.movie$ 10080 90% 43200
refresh_pattern \.mp2$ 10080 90% 43200
refresh_pattern \.mpe$ 10080 90% 43200
refresh_pattern \.mpeg$ 10080 90% 43200
refresh_pattern \.mpga$ 10080 90% 43200
refresh_pattern \.pl$ 10080 90% 43200
refresh_pattern \.ppt$ 10080 90% 43200
refresh_pattern \.ps$ 10080 90% 43200
refresh_pattern \.qt$ 10080 90% 43200
refresh_pattern \.qtm$ 10080 90% 43200
refresh_pattern \.ras$ 10080 90% 43200
refresh_pattern \.sea$ 10080 90% 43200
refresh_pattern \.sit$ 10080 90% 43200
refresh_pattern \.tif$ 10080 90% 43200
refresh_pattern \.tiff$ 10080 90% 43200
refresh_pattern \.snd$ 10080 90% 43200
refresh_pattern \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 480 50% 22160
refresh_pattern \.iso$ 10080 90% 43200
#------------------------------------------------------------------------
range_offset_limit 0 KB
#---------------------------------------------------------------------------
hosts_file /etc/hosts
coredump_dir /var/spool/squid
#----------------------------------------------------------------------------
quick_abort_min 1024 KB
quick_abort_max 2048 KB
quick_abort_pct 90
cache_effective_user squid
cache_effective_group squid
cache_dir ufs /var/spool/squid 20000 16 256
cache_mem 1024 MB
fqdncache_size 1024
request_body_max_size 100 KB
Related videos on Youtube
Author by
Kumar
Working as System Administrator at Coimbatore based Company
Updated on September 18, 2022Comments
-
Kumar over 1 year
We have nearly 50 systems with windows XP and have Linux (RHEL6) for server.
Also have squid 3.1 , Samba and Apache for local use.
Under proxy, VPN and outlook express does not connected. I heard that transparent proxy will fix this problem. I have tried steps from internet and stack-exchange. But i can't fix this issue fully. Please give clear configuration file and configuration for IpTables.
Here my squid conf file.
# # Recommended minimum configuration: # acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localinternet src 10.1.1.0/24 ##acl localnet src 10.0.0.0/8 # RFC1918 possible internal network ##acl localnet src 172.16.0.0/12 # RFC1918 possible internal network ##acl localnet src 192.168.0.0/16 # RFC1918 possible internal network ##acl localnet src fc00::/7 # RFC 4193 local private network range ##acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines # # Special IP List acl special src "/etc/squid/special.txt" # All Access IPs # Allowed IP List acl d_unlimited src "/etc/squid/d_unlimited.txt" # Full Download access acl u_unlimited src "/etc/squid/u_unlimited.txt" # Full Upload access acl allow_proxy src "/etc/squid/allow_proxy.txt" # Allow Proxy acl allow_social src "/etc/squid/allow_social.txt" # Allow Social networking acl allow_tutorial src "/etc/squid/allow_tutorial.txt" # Allow Tutorial acl allow_movie src "/etc/squid/allow_movie.txt" # Allow Jobs acl allow_jobs src "/etc/squid/allow_jobs.txt" # Allow Movie acl allow_sex src "/etc/squid/allow_sex.txt" # Allow Sex # # Blocked Keys # acl goodkey url_regex "/etc/squid/goodkey.txt" acl proxy url_regex "/etc/squid/proxy.txt" acl social url_regex "/etc/squid/social.txt" acl tutorial url_regex "/etc/squid/tutorial.txt" acl movie url_regex "/etc/squid/movie.txt" acl jobs url_regex "/etc/squid/jobs.txt" acl sex url_regex "/etc/squid/sex.txt" # # Upload/Download Limit # request_body_max_size 2000 KB localinternet !u_unlimited reply_body_max_size 6000 KB localinternet !d_unlimited # # acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed #http_access allow localnet # # Allow all / Allow Good keys http_access allow special http_access allow goodkey # # Allow Proxy Sites # http_access allow allow_proxy proxy # # Allow Social Networking # http_access allow allow_social social # # Allow Tutorials http_access allow allow_tutorial tutorial # # Allow Movie http_access allow allow_movie movie # # Allow Jobs http_access allow allow_jobs jobs # # Allow Sex http_access allow allow_sex sex # # Allow List http_access allow localinternet !proxy !social !tutorial !movie !jobs !sex # # Local Host http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
-
nass about 10 yearstrnsparent proxy should not be connected to VPN in any way, unless you run your vpn server on tcp port 80, which would mess things up in a number of ways (and so you should avoid it). You may have some other (firewall?) problem and you have problems with vpn and outlook express.
-
-
Kumar over 12 years2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:4 unrecognized: 'httpd_accel_host' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'httpd_accel_port' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:6 unrecognized: 'httpd_accel_with_proxy' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'httpd_accel_uses_host_header' 2012/01/18 08:39:04| Initializing https proxy context
-
Kumar over 12 yearsGetting about error and squid start getting failed
-
Kumar over 12 yearsThose all are not available for squid 3.1
-
Kumar about 12 years@ Nouman Qaiser, What about iptable rules ? What changes i want to do in iptables ?