[Linux] Squid.. and transparent caching.
Michael Marschall
mmarschall@voicerite.com
Thu, 12 Oct 2000 11:57:58 -0400
Like this:
Linux morpheus 2.2.16 #6 Sun Mar 26 17:23:00 EST 2000 i686 unknown
# This is for transparent proxy with SQUID
/sbin/ipchains -A input -i eth0 -p TCP -s $INTNET -d 127.0.0.1/24 3128 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p TCP -s $INTNET -d 192.168.1.1 3128 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p TCP -s $INTNET -d 0/0 www -j REDIRECT 3128
The above entry would go in your rc.firewall file (or whichever init
script you are executing ipchains from). This basically says you can do
either or (seamless or manual redirect). The first line accepts any
redirected traffic from localhost to 3128. The second accepts any
traffic from the internal network to 3128 (which you seem to be familiar
with). The third line redirects the traffic coming into the firewall on
port 80 from the internal network to port 3128.
I have this set up for my network and it works great. This is obviously
not my entire firewall init script but I think you get the idea. Ipchains
does allow you to redirect input from one port to another.
Michael
"pcmike (Michael Nunes)" wrote:
> Dear Group/Flux, I was just told to email you guys regarding this
> issue/question, so I don't know if this is an email msgboard or
> what. Anyhow, the question is this.. We have 200+ computers on a
> fiber network. The first computer on the network is the Linux box
> which is a 'firewall,' ip masquerading box, and whatever else may be
> needed to keep people from gaining access to the internal network,
> etc. The second computer is a Windows 2000 server, which is there to
> act as a DHCP server and as a terminal server, and anything else that
> might arise that is vital to the network. The thing is this: in order
> to reduce the utilization of our T1, we would like to cache web
> related content, since half of the students/faculty will visit the
> same site(s) as each other. What we have done so far is to implement
> squid on the Linux box, and we have it working to a point. The
> problem we are having is this.. we don't want clients to have to
> configure their browsers in order to use the proxy, we want it to be
> 'transparent.' So the thing is, how do we re-route local outbound
> traffic on/destined for port 80 on the linux box, back to a local port
> (squid's port) on the linux box? I've looked all over to figure this
> out, and so far the only people that have been successful are people
> running 2.0.29 and using ipfw, which obviously isn't feasible
> nowadays. Any help on this matter would be appreciated, and any other way
> of doing something similar to what we want to do would also be very much
> appreciated. Thanks, Michael Nunes -- pcmike@doorstop.org P.S. The
> spelling/grammar may be off, sorry.
--
-==================================-
Michael Marschall
Infrastructure Manager
VoiceRite, Inc.
7725 NW 48th St.
Miami, Florida 33166
Phone / Fax / Pager : 305 436 1574
-==================================-
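
Added example, not part of the original post: the three rules in the post only match traffic that arrives on eth0 from $INTNET. The script below audits rc.firewall-style ipchains lines for ACCEPT or REDIRECT rules to the Squid port that lack those two restrictions. The function name, the sample rules and 192.168.1.0/24 as a stand-in for $INTNET are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: audit rc.firewall-style ipchains
# lines that ACCEPT or REDIRECT traffic to the Squid port.
# Usage: audit_squid_rules PORT < rules   (returns 1 if anything is flagged)
audit_squid_rules() {
    awk -v port="${1:-3128}" '
    function open_src(s) {
        return s == "" || s == "0/0" || s == "any/0" || s == "0.0.0.0/0"
    }
    /^[ \t]*#/ || !/ipchains/ { next }   # skip comments and non-rule lines
    {
        src = iface = dport = target = rport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-s") src = $(i+1)
            else if ($i == "-i") iface = $(i+1)
            else if (($i == "-d") && ($(i+2) !~ /^-/)) dport = $(i+2)
            else if ($i == "-j") { target = $(i+1); rport = $(i+2) }
        }
        # Only rules that deliver traffic to the Squid port are of interest.
        hit = (target == "ACCEPT" && dport == port) ||
              (target == "REDIRECT" && rport == port)
        if (!hit) next
        if (target == "REDIRECT") redirect = 1
        if (open_src(src)) { print "line " NR ": " target " has no restricting -s"; bad++ }
        if (iface == "")   { print "line " NR ": " target " has no -i interface"; bad++ }
    }
    END {
        if (!redirect) { print "no REDIRECT to port " port; bad++ }
        exit (bad > 0)
    }'
}

# Constructed samples. 192.168.1.0/24 stands in for $INTNET (an assumption).
GOOD_RULES='/sbin/ipchains -A input -i eth0 -p TCP -s 192.168.1.0/24 -d 127.0.0.1/24 3128 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p TCP -s 192.168.1.0/24 -d 192.168.1.1 3128 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p TCP -s 192.168.1.0/24 -d 0/0 www -j REDIRECT 3128'
# Same intent, but the ACCEPT matches any source on any interface.
WEAK_RULES='/sbin/ipchains -A input -p TCP -d 192.168.1.1 3128 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p TCP -s 0/0 -d 0/0 www -j REDIRECT 3128'

printf '%s\n' "$GOOD_RULES" | audit_squid_rules 3128 && echo "good rules: clean"
printf '%s\n' "$WEAK_RULES" | audit_squid_rules 3128 || echo "weak rules: flagged"
```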