Hi,
I have some in squid transparent proxy...
What I use: iptables, Red Hat Linux 8.0, Squid 2.4 stable v7
My current setup: SERVER BOX (contains SQUID, APACHE, PHP, MYSQL, IPTABLES, BANDWIDTH CONTROL)
IP 1: 172.16.100.4 (INTERNET LAN CARD)
IP 2: 10.0.0.1 (internal network CARD)
What I want: I want to use a transparent proxy, but I want all my users to authenticate. In short, if my user is not logged in and he types any URL, he should be presented with a login page (PHP and MySQL) where my user will enter his login name and password, and if he is logged in he can use the internet.
What I did:
squid.conf
http_port 8080
icp_port 3130
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 250 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
# Set these if you want your proxy to work in a transparent way.
# Transparent proxy means you generally don't have to configure all
# your clients' browsers, but has some drawbacks too.
# Leaving these uncommented won't do any harm.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_mgr hitesh@hylix.com
cache_effective_user squid
cache_effective_group squid
visible_hostname c-systems
IPTABLES FIREWALL
#!/bin/sh
IPTABLES=/sbin/iptables
EX_ETH=eth0                 # External Interface
IN_ETH=eth1                 # Local Interface
LOCAL_IP=10.0.0.2           # Local Host IP
LOCAL_NET=10.0.0.0/8        # Local Network
EXTERNAL_NET=172.16.0.0/24  # External Network
PROXY_IP=10.0.0.2           # Proxy Server IP
PROXY_PORT=8080             # Proxy Server Port No
P_PORTS="0:1023"
UP_PORTS="1024:65535"
TR_SRC_PORTS="32769:65535"
TR_DST_PORTS="33434:33523"
# Flush the filter table, delete user chains, zero the counters
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
# Flush the nat table too, so re-running the script does not duplicate the nat rules below
$IPTABLES -t nat -F
# Masquerade
$IPTABLES -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
# Turn on IP forwarding
echo '1' > /proc/sys/net/ipv4/ip_forward
# IF U GET IP_CONNTRAC ERROR USE THIS ELSE REMOVE
echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max
## load modules
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Transparent Proxy: send all port-80 traffic arriving on the LAN interface to squid on this box
$IPTABLES -t nat -A PREROUTING -i $IN_ETH -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT
and some security settings rules for ping of death etc.
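Transparent interception cannot use Squid's own proxy authentication (a browser that was not configured for a proxy does not answer a 407), so the login-page flow asked for above has to be keyed to the client IP at the firewall. The script below is an added example, not from the original post: it rebuilds a nat chain from a session list written by the login page, sending listed clients to squid and every other LAN client's port-80 traffic to the login page. The chain name, the session-file format and an Apache vhost serving the login page on port 8081 are assumptions.

```sh
#!/bin/sh
# Rebuild a nat chain so that only clients listed as authenticated reach
# squid; every other LAN client's port-80 traffic goes to the login page.
IPTABLES=${IPTABLES:-/sbin/iptables}
IN_ETH=${IN_ETH:-eth1}
PROXY_PORT=${PROXY_PORT:-8080}
LOGIN_PORT=${LOGIN_PORT:-8081}   # assumed: Apache vhost serving the PHP login page
CHAIN=AUTHPROXY                  # assumed chain name

# Run one iptables command, or only print it when DRY_RUN is set
run() {
    if [ -n "$DRY_RUN" ]; then echo "$IPTABLES $*"; else "$IPTABLES" "$@"; fi
}

# Accept only a dotted quad: the session file is written by the web app,
# so anything else must never reach iptables as a rule argument
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# $1 = session file: one authenticated client IP per line, '#' comments allowed.
# Per-client REDIRECTs to squid are emitted before the catch-all REDIRECT to
# the login page, because nat rules are matched in order.
gen_rules() {
    run -t nat -N "$CHAIN" 2>/dev/null || true   # no-op if it already exists
    run -t nat -F "$CHAIN"
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ip "$ip"; then
            run -t nat -A "$CHAIN" -s "$ip" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
        else
            echo "gen_rules: ignoring malformed session entry: $ip" >&2
        fi
    done < "$1"
    run -t nat -A "$CHAIN" -p tcp --dport 80 -j REDIRECT --to-ports "$LOGIN_PORT"
    # (Re)attach the chain to PREROUTING for the LAN interface only
    run -t nat -D PREROUTING -i "$IN_ETH" -p tcp --dport 80 -j "$CHAIN" 2>/dev/null || true
    run -t nat -A PREROUTING -i "$IN_ETH" -p tcp --dport 80 -j "$CHAIN"
}

# Constructed sample session list for a stand-alone dry run
SAMPLE=$(mktemp)
printf '# written by login.php\n10.0.0.25\n10.0.0.7\nbogus-entry\n' > "$SAMPLE"
DRY_RUN=1 gen_rules "$SAMPLE"
rm -f "$SAMPLE"
```

Run it without DRY_RUN from the login page's session-update hook (or a short cron job) so the chain follows the session table; the posted PREROUTING REDIRECT rule should then be dropped, since this chain replaces it.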