03.24.2008 at 11:07AM PDT, ID: 23264762
Configuring Squid as a gateway for proxy caching

Tags: Squid, Version 2.6.STABLE17, On Fedora 8 (64Bit)
I am new to Linux and am trying to configure Squid to be the gateway for my network so I can cache web pages.  I am running squid Version 2.6.STABLE17 on Fedora Core 8 (64 Bit).  

I am able to point my browser to Squid (non-transparent) and it works.  When I watch the access.log I can see squid processing the pages and my browser updates with the pages I request.

When I change the default gateway on my switch to the IP address of the inside interface on my squid box (transparent proxy), web pages fail to load in my browser.  However, the access.log in squid does receive the request and logs all of my network's web requests.

My squid box is configured with 2 network interfaces, one internal and one external with the external connected to a firewall.  The squid box is capable of passing packets through the firewall so I'm confident that the firewall is OK.

My goal is to allow the squid box to be my default gateway and pass all web requests through it without configuring individual browsers.  I know my configs don't address the need to pass pop, imap, ssh, telnet and other ports through.  I figured I'd cross those bridges after I got the basics set up but feel free to provide answers for that too (I have a feeling that's an iptables issue).

Inside:     eth0      10.100.100.19   255.255.255.248
Outside:   eth1      192.168.255.50   255.255.255.252

These are the iptables commands running on the box:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Here's what's enabled in the squid.conf file:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access allow localhost
#http_access deny all
http_access allow all
http_reply_access allow all
icp_access allow all
http_port 10.100.100.19:3128 transparent
cache_dir ufs /mnt/disk2/squid_cache 50000 16 256



Question Stats
Zone: OS
Question Asked By: psysys
Solution Provided By: Nopius
Participating Experts: 2
Solution Grade: A
Views: 45
03.24.2008 at 11:28AM PDT, ID: 21195611

All comments and solutions are available to Premium Service Members only.

03.24.2008 at 10:05PM PDT, ID: 21199594

Rank: Guru

03.24.2008 at 10:08PM PDT, ID: 21199597

Rank: Guru
