![]() # iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j REDIRECT -to-port 3128 Next, I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128 using the iptables command # iptables -t nat -A PREROUTING -i eth1 -p tcp -dport 80 -j DNAT -to 192.168.1.1:3128 Here is the complete listing of nf for your reference (grep will remove all comments and sed will remove all empty lines, thanks to David Klein for quick hint ): http_access allow lan: - same as above.http_access allow localhost: Squid access to LAN and localhost ACL only.acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid.httpd_accel_uses_host_header on: Header is turned on which is the hostname from the URL.httpd_accel_with_proxy on: Squid act as both a local httpd accelerator and as a proxy.httpd_accel_port 80: 80 is port you want to act as a proxy.httpd_accel_host virtual: Squid as an httpd accelerator.Modify or add following squid directives: I am going to configure the proxy server by adding following directives. Step #3: Run scripts and start squid serviceįirst, Squid server installed (use the up2date command to install squid proxy server).b)ğorward all http requests to 3128 (DNAT).Step #1 : Squid configuration so that it will act as a transparent proxy.I left this page up and running for historical reasons. Why? Because HTTPS is designed to prevent “man in the middle” attacks, setting up squid in such for HTTPS is a bad idea because the SQUID will turn into a “man in the middle” attack vector. These days, setting up squid as a transparent proxy makes no sense because of HTTPS. WARNING! This page was initially created in the 2000s when HTTPS was rare.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |