Hi, I changed the iptables still no luck :( but I am using squid 3.3 only can I didn't understand why you have configured 3129 ,3130 and 3128 port?
On Wed, Jun 3, 2015 at 1:04 PM, Klavs Klavsen <k...@vsen.dk> wrote: > Your client needs to use your squid server as default gateway. > > And then you need the iptables rules I wrote about to direct traffic into > squid for certain ports. > > Reet Vyas wrote on 06/03/2015 08:50 AM: > >> Hi >> >> Thanks for reply. As of now we don't have router I have directly >> connected my machine to internet and other to LAN and I have configured >> client machine ubuntu to test squid which is in switch where other users >> are connected using gateway of router 192.168.0.1. >> >> I read your valuable suggestions, but I still confused with IPtables and >> squid 3.3 setting ,transparent and intercept options . >> >> root@squid:/home/squid# ip addr show >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >> group default >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 <http://127.0.0.1/8> scope host lo >> valid_lft forever preferred_lft forever >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> state UP group default qlen 1000 >> link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff >> inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0 >> valid_lft forever preferred_lft forever >> inet6 fe80::21e:67ff:fecf:5974/64 scope link >> valid_lft forever preferred_lft forever >> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> state UP group default qlen 1000 >> link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff >> inet 192.168.0.200/24 <http://192.168.0.200/24> brd 192.168.0.255 >> scope global eth1 >> valid_lft forever preferred_lft forever >> inet6 fe80::21e:67ff:fecf:5975/64 scope link >> valid_lft forever preferred_lft forever >> >> root@squid:/home/squid# ip -4 route show >> default via 116.72.152.1 dev eth0 >> 116.72.152.0/22 <http://116.72.152.0/22> dev eth0 proto kernel scope >> link src 116.72.152.37 >> 192.168.0.0/24 <http://192.168.0.0/24> dev eth1 proto kernel scope >> link src 192.168.0.200 >> >> >> >> >> >> To use transparent/intercept what I have to set in my config file >> http_port 3128 intercept or transparent >> >> and Iptables rules , I have tried this rules >> >> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect >> >> But not working >> >> Can you please tell me the firewall rules and let me know why my >> firewall rules are not working. >> >> On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <k...@vsen.dk >> <mailto:k...@vsen.dk>> wrote: >> >> Amos Jeffries wrote on 06/02/2015 04:34 PM: >> >> On 3/06/2015 1:20 a.m., Klavs Klavsen wrote: >> >> I have this in my squid server for it to work: >> >> >> The key words there are ... *in my Squid server* >> >> indeed :) >> >> >> NOTE to Klavs: >> loading the "multiport" kernel module seems overkill for a >> single-port >> match. >> >> it's puppets firewall module.. haven't had enough time to fix that >> module :) >> >> >> FYI: DONT_VERIFY_PEER, "always_direct allow all", and >> "slproxy_cert_error allow all" have not been good ideas since 3.2. >> dont-verify actually inhibits the Mimic functions which give >> server-first bumping most of its usefulness. >> >> Thank you for those tips. >> >> -- >> Regards, >> Klavs Klavsen, GSEC - k...@vsen.dk <mailto:k...@vsen.dk> - >> http://www.vsen.dk - Tlf. 61281200 >> >> "Those who do not understand Unix are condemned to reinvent it, >> poorly." >> --Henry Spencer >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> <mailto:squid-users@lists.squid-cache.org> >> http://lists.squid-cache.org/listinfo/squid-users >> >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> > > -- > Regards, > Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 > > "Those who do not understand Unix are condemned to reinvent it, poorly." > --Henry Spencer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
