aloknet21
asked on
how to setup squid in RHEL 5
i have install RHEL 5 with 2 lan card configured eth1 for public ip
eth0 for LAN ip
now i want to setup squid proxy so that user on my lan can access internet with FTP, RDP and so on.
eth0 for LAN ip
now i want to setup squid proxy so that user on my lan can access internet with FTP, RDP and so on.
ASKER
no i have not done masquarade in iptables. currently iptables is off. how to enable this option ?
have a look to this one , just change the IP as you need eth1 and eho2
http://fosiul.co.uk/KnowledgeCategories.php?CID=79
you can start iptables liek this
service iptables start or service iptables restart
it will show you someting like this
-bash-3.2# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
http://fosiul.co.uk/KnowledgeCategories.php?CID=79
you can start iptables liek this
service iptables start or service iptables restart
it will show you someting like this
-bash-3.2# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
ASKER
my public ip is 210.x.x.x
subnet is 255.255.255.252
gateway is 210.x.x.13
DNS is 203.x.x.x
local ip is 10.50.3.93
subnet is 255.255.252.0
gateway should be ?
DNS is ? for local lan
subnet is 255.255.255.252
gateway is 210.x.x.13
DNS is 203.x.x.x
local ip is 10.50.3.93
subnet is 255.255.252.0
gateway should be ?
DNS is ? for local lan
at first tel me
what Ip eth0 is getting
and what Ip eth1 is getting
better past the output of
ifconfig
here
what Ip eth0 is getting
and what Ip eth1 is getting
better past the output of
ifconfig
here
ASKER
[root@squid ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:E8:50:0A:5F
inet addr:10.50.3.92 Bcast:10.50.3.255 Mask:255.255.252.0
inet6 addr: fe80::200:e8ff:fe50:a5f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48236 errors:0 dropped:0 overruns:0 frame:0
TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7430032 (7.0 MiB) TX bytes:33953 (33.1 KiB)
Interrupt:137 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:50:BA:CD:60:38
inet addr:210.7.74.14 Bcast:210.7.74.15 Mask:255.255.255.252
inet6 addr: fe80::250:baff:fecd:6038/6 4 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50299 errors:0 dropped:0 overruns:0 frame:0
TX packets:3018 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9628812 (9.1 MiB) TX bytes:517090 (504.9 KiB)
Interrupt:153 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10666 errors:0 dropped:0 overruns:0 frame:0
TX packets:10666 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13762143 (13.1 MiB) TX bytes:13762143 (13.1 MiB)
eth0 Link encap:Ethernet HWaddr 00:00:E8:50:0A:5F
inet addr:10.50.3.92 Bcast:10.50.3.255 Mask:255.255.252.0
inet6 addr: fe80::200:e8ff:fe50:a5f/64
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48236 errors:0 dropped:0 overruns:0 frame:0
TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7430032 (7.0 MiB) TX bytes:33953 (33.1 KiB)
Interrupt:137 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:50:BA:CD:60:38
inet addr:210.7.74.14 Bcast:210.7.74.15 Mask:255.255.255.252
inet6 addr: fe80::250:baff:fecd:6038/6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50299 errors:0 dropped:0 overruns:0 frame:0
TX packets:3018 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9628812 (9.1 MiB) TX bytes:517090 (504.9 KiB)
Interrupt:153 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10666 errors:0 dropped:0 overruns:0 frame:0
TX packets:10666 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13762143 (13.1 MiB) TX bytes:13762143 (13.1 MiB)
Ok so eth1 is conected to Isp
and eth0 is connected is internal network
Check if IPv4 forwarding is ON or OFF :
cat /proc/sys/net/ipv4/ip_forw ard
if result = 0 then will have to On it by this command :
echo "1" > /proc/sys/net/ipv4/ip_forw ard
Now have to enable Enable IP masquerading by adding rules in iptables
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[ Now all internet request will go via eth1]
Now Test from a Client Pc to see if client pc can ping any out side world
here Client pc will get ip from eth0 , so Ip of client pc would be 10.50.3.X
ping www.google.com
NOte : you should of spilit this question in 2 , because 1)you need to share internet betwenn gateway and client pc
2) then squid setup
and eth0 is connected is internal network
Check if IPv4 forwarding is ON or OFF :
cat /proc/sys/net/ipv4/ip_forw
if result = 0 then will have to On it by this command :
echo "1" > /proc/sys/net/ipv4/ip_forw
Now have to enable Enable IP masquerading by adding rules in iptables
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[ Now all internet request will go via eth1]
Now Test from a Client Pc to see if client pc can ping any out side world
here Client pc will get ip from eth0 , so Ip of client pc would be 10.50.3.X
ping www.google.com
NOte : you should of spilit this question in 2 , because 1)you need to share internet betwenn gateway and client pc
2) then squid setup
ASKER
Now I have configured squid according to ur steps but squid is not working..
Access log below..
[root@squid ~]# tail -f /var/log/squid/access.log
1234177100.798 706 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/buttonViewThisQuestion.gif - DIRECT/64.156.132.140 -
1234177100.808 657 10.50.3.89 TCP_MISS/304 279 GET https://www.experts-exchange.com/images/email/bodyBG_guylistening.gif - DIRECT/64.156.132.140 -
1234177103.368 310 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/eeLogo2.gif - DIRECT/64.156.132.140 -
1234177104.098 585 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/eeLogo2.gif - DIRECT/64.156.132.140 -
1234177104.108 329 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/buttonViewThisQuestion.gif - DIRECT/64.156.132.140 -
1234177104.429 646 10.50.3.89 TCP_MISS/304 279 GET https://www.experts-exchange.com/images/email/bodyBG_guylistening.gif - DIRECT/64.156.132.140 -
Access log below..
[root@squid ~]# tail -f /var/log/squid/access.log
1234177100.798 706 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/buttonViewThisQuestion.gif - DIRECT/64.156.132.140 -
1234177100.808 657 10.50.3.89 TCP_MISS/304 279 GET https://www.experts-exchange.com/images/email/bodyBG_guylistening.gif - DIRECT/64.156.132.140 -
1234177103.368 310 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/eeLogo2.gif - DIRECT/64.156.132.140 -
1234177104.098 585 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/eeLogo2.gif - DIRECT/64.156.132.140 -
1234177104.108 329 10.50.3.89 TCP_MISS/304 278 GET https://www.experts-exchange.com/images/email/buttonViewThisQuestion.gif - DIRECT/64.156.132.140 -
1234177104.429 646 10.50.3.89 TCP_MISS/304 279 GET https://www.experts-exchange.com/images/email/bodyBG_guylistening.gif - DIRECT/64.156.132.140 -
Ok have you followed by previous post about Iptables and the tutorial i have sent
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
Note : for squid you need to forward port from 80 to 3128 , did you do all these ??
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
Note : for squid you need to forward port from 80 to 3128 , did you do all these ??
ASKER
Attached is squid conf file.
Please suggest.
Please suggest.
ASKER
Yes We did all that u told...
ASKER
Now Should i enable proxy on client side as 10.50.3.92:3128
At first, have you done everything ??
and also your htttpd.conf is not attached
and also your htttpd.conf is not attached
ASKER
now squid is working on port 8080 that we have assign.
Thanx for this help..
But ping is not working and we are not able to connect external ftp from client site from web browser.
ftp is noly accessing through leech ftp but directory listing is not permited by squid.
please suggest
Error is :
Thanx for this help..
But ping is not working and we are not able to connect external ftp from client site from web browser.
ftp is noly accessing through leech ftp but directory listing is not permited by squid.
please suggest
Error is :
so you saying
now you can browse by using squid ??
now you can browse by using squid ??
ASKER
yes .
But ftp is not connecting through browser. But able to connect through ftp clint software i.e . leach, ftp.
and also not able to ping any site from client pc.
But ftp is not connecting through browser. But able to connect through ftp clint software i.e . leach, ftp.
and also not able to ping any site from client pc.
for this one , please open anotehr qustion
But ftp is not connecting through browser. But able to connect through ftp clint software i.e . leach, ftp.
but for ping problem you need to add this line in iptables
Edit your iptables files which should be in /etc/sysconfig/iptables
add this
A RH-Firewall-1-INPUT -d 192.168.2.1 -p udp -m udp --dport 53 -j ACCEPT
or
or from command line
IPtables -A input -p udp --dport 53 -j ACCEPT
but before that check the output of iptables file[ /etc/sysconfig/iptables] see you got RH or just normal iptables rules
But ftp is not connecting through browser. But able to connect through ftp clint software i.e . leach, ftp.
but for ping problem you need to add this line in iptables
Edit your iptables files which should be in /etc/sysconfig/iptables
add this
A RH-Firewall-1-INPUT -d 192.168.2.1 -p udp -m udp --dport 53 -j ACCEPT
or
or from command line
IPtables -A input -p udp --dport 53 -j ACCEPT
but before that check the output of iptables file[ /etc/sysconfig/iptables] see you got RH or just normal iptables rules
ASKER
see the output of iptables
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [1:56]
:OUTPUT ACCEPT [2027:581753]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Mon Feb 9 16:33:40 2009
# Generated by iptables-save v1.3.5 on Mon Feb 9 16:33:40 2009
*nat
:PREROUTING ACCEPT [4575:645139]
:POSTROUTING ACCEPT [1:32]
:OUTPUT ACCEPT [210:12720]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 210.7.74.14:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Feb 9 16:33:40 2009
# Generated by iptables-save v1.3.5 on Mon Feb 9 16:33:40 2009
*mangle
:PREROUTING ACCEPT [13652:3762350]
:INPUT ACCEPT [13526:3748329]
:FORWARD ACCEPT [82:3215]
:OUTPUT ACCEPT [2068:585083]
:POSTROUTING ACCEPT [2156:588490]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [1:56]
:OUTPUT ACCEPT [2027:581753]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Mon Feb 9 16:33:40 2009
# Generated by iptables-save v1.3.5 on Mon Feb 9 16:33:40 2009
*nat
:PREROUTING ACCEPT [4575:645139]
:POSTROUTING ACCEPT [1:32]
:OUTPUT ACCEPT [210:12720]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 210.7.74.14:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Feb 9 16:33:40 2009
# Generated by iptables-save v1.3.5 on Mon Feb 9 16:33:40 2009
*mangle
:PREROUTING ACCEPT [13652:3762350]
:INPUT ACCEPT [13526:3748329]
:FORWARD ACCEPT [82:3215]
:OUTPUT ACCEPT [2068:585083]
:POSTROUTING ACCEPT [2156:588490]
COMMIT
ASKER
Where i have to put below line in my iptables file
A RH-Firewall-1-INPUT -d 192.168.2.1 -p udp -m udp --dport 53 -j ACCEPT
A RH-Firewall-1-INPUT -d 192.168.2.1 -p udp -m udp --dport 53 -j ACCEPT
ok runt this one
IPtables -A input -p udp --dport 53 -j ACCEPT
but one thing is wired
you have this one
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
but you are trying to access squid port 8080 !!!
so currently you are not doing transparent proxy is not it ??
if in future you want to do transparent proxy,
change this line
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
to
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
IPtables -A input -p udp --dport 53 -j ACCEPT
but one thing is wired
you have this one
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
but you are trying to access squid port 8080 !!!
so currently you are not doing transparent proxy is not it ??
if in future you want to do transparent proxy,
change this line
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
to
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
also for ftp problrem
check if you have these 2 lines in squid.conf or not
acl ftp proto FTP
http_access allow ftp
check if you have these 2 lines in squid.conf or not
acl ftp proto FTP
http_access allow ftp
ASKER
when we restart squid services we seem these line...
[root@squid ~]# service squid restart
Stopping squid: 2009/02/09 17:15:49| parseConfigFile: line 2948 unrecognized: 'httpd_accel_host virtual'
2009/02/09 17:15:49| parseConfigFile: line 2949 unrecognized: 'httpd_accel_port 80'
2009/02/09 17:15:49| parseConfigFile: line 2950 unrecognized: 'httpd_accel_with_proxy on'
2009/02/09 17:15:49| parseConfigFile: line 2951 unrecognized: 'httpd_accel_uses_host_hea der on'
............... [ OK ]
Starting squid: .. [ OK ]
Plz suggest>>>
[root@squid ~]# service squid restart
Stopping squid: 2009/02/09 17:15:49| parseConfigFile: line 2948 unrecognized: 'httpd_accel_host virtual'
2009/02/09 17:15:49| parseConfigFile: line 2949 unrecognized: 'httpd_accel_port 80'
2009/02/09 17:15:49| parseConfigFile: line 2950 unrecognized: 'httpd_accel_with_proxy on'
2009/02/09 17:15:49| parseConfigFile: line 2951 unrecognized: 'httpd_accel_uses_host_hea
............... [ OK ]
Starting squid: .. [ OK ]
Plz suggest>>>
whats the output of
grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
and can you attached the squid.conf file here
grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
and can you attached the squid.conf file here
ASKER
ouput of this command is here
[root@squid ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
authenticate_ip_ttl 1 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl ncsa_users proxy_auth REQUIRED
acl alok src 10.50.3.89 10.50.3.90 10.50.0.214 10.50.3.41
acl abhi max_user_ip -s 1
acl restrict dstdomain .yahoo.com .orkut.com .gmail.com .aol.com .rediffmail.com .msn.com .naukri.com .timesjobs.com .monsterindia.com .freshers.com .in.com .wayn.com .hi5.com .facebook.com .ibibo.com .myspace.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow alok
http_access deny abhi
http_access deny restrict
http_access allow ncsa_users
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_head er on
acl lan src 210.7.74.14 10.50.0.0/22
http_access allow lan
acl FTP proto FTP
always_direct allow FTP
coredump_dir /var/spool/squid
attached is squid conf file..
[root@squid ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
authenticate_ip_ttl 1 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl ncsa_users proxy_auth REQUIRED
acl alok src 10.50.3.89 10.50.3.90 10.50.0.214 10.50.3.41
acl abhi max_user_ip -s 1
acl restrict dstdomain .yahoo.com .orkut.com .gmail.com .aol.com .rediffmail.com .msn.com .naukri.com .timesjobs.com .monsterindia.com .freshers.com .in.com .wayn.com .hi5.com .facebook.com .ibibo.com .myspace.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow alok
http_access deny abhi
http_access deny restrict
http_access allow ncsa_users
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_head
acl lan src 210.7.74.14 10.50.0.0/22
http_access allow lan
acl FTP proto FTP
always_direct allow FTP
coredump_dir /var/spool/squid
attached is squid conf file..
but you said, proxy was working fine, so what happended suddently ??
also, after configuring the squid, didnot you restart squid before ??
also, after configuring the squid, didnot you restart squid before ??
ASKER
Yes proxy is working fine..
but at the time of restrat proxy that lines are also appearing..
Why?
but at the time of restrat proxy that lines are also appearing..
Why?
ASKER
Thanx for ur great help for.
working squid configuration file
working squid configuration file
ok,
you can uncommented those line and try again
what happended i am gussing
you are not using transparent proxy, you are typing proxy address by hand in browser is not it ??
but there is someting wrong in your squid configuraiton,
because you using 8080 for proxy address, but its not defined anywhere in squid.conf ...
which is wired
anyway , uncomented those line, and try again,
i will be back after 1 and half hour alter
will see the
you can uncommented those line and try again
what happended i am gussing
you are not using transparent proxy, you are typing proxy address by hand in browser is not it ??
but there is someting wrong in your squid configuraiton,
because you using 8080 for proxy address, but its not defined anywhere in squid.conf ...
which is wired
anyway , uncomented those line, and try again,
i will be back after 1 and half hour alter
will see the
ASKER
i have got solution after consulting this expert
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got the answer. Thanks for Help!
good tutorial
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
but can your internal client pc browse by usign this Server ??
you need to enable masquarde in Iptables [ which i guess you already done ]