Help - Search - Members - Calendar
Full Version: Configuring Squid Transparent Proxy
Linuxhelp > Support > Technical Support
Corey
I'm trying to setup a squid transparent proxy. So far, the proxy is set up, but i have to manually configure browsers to look for the proxy on port 8080, when i do that it's fine.

So, i went to set it up transparently by adding the following to my firewall:

$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

So, all requesrs for port 80 would silently forward to port 8080. As well, by suggestion of some docs on the net, i also changed a few variables in squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

However, when i turn off my proxy settings in my client web-browser (so it can use the transparent method), i get a

QUOTE
ERROR


The requested URL could not be retrieved


While trying to retrieve the URL: /


The following error was encountered:

Invalid URL

Some aspect of the requested URL is incorrect. Possible problems:

Missing or incorrect access protocol (should be `http://'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed

Your cache administrator is root.


Generated Fri, 05 Mar 2004 02:03:23 GMT by gateway (squid/2.5.STABLE1-20030121)


No matter what the website i put in. This is a Mandrake 9.2 box. Any suggestions accepted smile.gif
Robert83
Hi,

this might help...

!!! http://www.os4schools.net/index.php?link=squid.html !!!



and that is a great idea, forfarding port 80 to 8080, this way noone can cheat the proxy... smile.gif smile.gif, I'll do it to smile.gif


Sincerely
Robert B
Corey
Yeah, what's the real point of a proxy if everyone can cheat on it, well,except for the caching part, but even that won't work well if half the network is by-passing the proxy for web access. Thanks for your help, when I get home, i'll check it out.
Robert83
Hi,

I've started to configure the my squid proxy server, the way , it's mentioned on that site...


here are the error lines :

error : use this :
httpd_accel_host ---> httpd_accel_host virtual
virtual httpd_accel_port ---> httpd_accel_port 80


And if you managed to get reference_age 1 week [for example] working tell me how, I've read that it requires LRU to be used, but where to set it? have you found the command for that? or does it need to be installed with some LRU[blablabla] command ?

Sincerely
Robert B
Termina
Is there a way, with squid, to use the proxy via HTTP and NOT have to go to tools - internet options. etc? (In IE, that is).

I'd like to, from any computer, just type in:

http://mysite.com/proxy.php?www.blach.com

Or whatever. happy.gif If so, anyone have a site that would tell me where to start?
Robert83
Hi,

you forward port 80 to port [in my case] 3228 with Iptables, and then you will not have to use in IE tools etc..., note : I don't haven't seen any site in usa, and other countries [yet...], that uses port 8080 for https, but I don't recomend using it for the proxy, since here in yu, for example teleport.co.yu uses 8080 for their https [webmail] smile.gif, and some sites will have troubles with transparent proxy.

And be sure to read the Squid configuration guide, on the Squid site, the part about forcing IE 5.5 refresh to make sure IE 5.5 users will get always fresh content, you'll loose 10% of you're total hit's...



Sincerely
Robert B
Termina
If I forward port 80 to that port, then won't it only work on the computers in my LAN? biggrin.gif
Corey
> If I forward port 80 to that port, then won't it only work on the computers in my LAN?

Well, that's kind of the point. All http requests from inside the lan get forwarded to the proxy so that it can cache the page, or retrive a previously cached page. I wouldn't want anyone from the outside having access to this cache because it could cause a potential security risk.
Termina
Sorry, I didn't make myself clear. XD

I'd like to have a proxy that I can use remotely (From school/work, say).

When searching for essays and such, I often find the page blocked. =/ I would like to set up a proxy at home to bypass this. happy.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.