Hi,
I have built a Squid proxy (transparent proxy) and we are using a Cisco PIX 506 firewall. How do I divert the traffic to the Squid box
without changing settings for the users?
Regards,
Manjunath
You should create an access control list in your Cisco router which will direct all requested traffic to your transparent proxy server...
Hello,
I don't know what you are actually looking for...
My setup: the Internet link terminates on Router <--> PIX (inside int) <--> Squid <--> LAN. On the Squid box, use iptables to divert all port 80 traffic to Squid. You can add SquidGuard for content filtering and use Shorewall to configure iptables... These freewares are working fantastically..
regards,
Babu
Hi, here are the steps for a Squid transparent proxy:
STEP 1
For a transparent proxy we need the following in squid.conf:
http_port 3128 transparent
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
STEP 2
iptables configuration:
Enter the following lines at the bottom of the file "/etc/rc.local".
#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Don't forward from the outside to the inside.
#iptables -A FORWARD -i eth0 -o eth0 -j REJECT
# Redirect web traffic (port 80) arriving from the LAN to Squid on port 3128.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Enable IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
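As an added check that is not part of the thread: a small Python lint over an iptables-save dump (constructed here from the rules above, with eth0 as LAN, ppp0 as WAN and 3128 as the Squid port assumed) that flags what a defender would want to verify on a transparent-proxy box: an INPUT chain left at the default ACCEPT policy (the script above sets no -P line), a port-80 REDIRECT not pinned to the LAN interface, and any INPUT rule that would accept new WAN-side connections to the Squid port.

```python
import shlex

LAN_IF, WAN_IF, SQUID_PORT = "eth0", "ppp0", "3128"  # assumed names, as in the thread

# Constructed iptables-save dump modelled on the posted rules (no -P policy was set).
SAMPLE_DUMP = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
COMMIT
"""

def parse_dump(dump):
    """Return ({(table, chain): policy}, [(table, tokens)]) from an iptables-save dump."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            rules.append((table, shlex.split(line)))
    return policies, rules

def _opt(tokens, flag):
    # Value after `flag`, prefixed with '!' when negated (e.g. "! -i ppp0" -> "!ppp0").
    for i, tok in enumerate(tokens):
        if tok == flag and i + 1 < len(tokens):
            return ("!" if i and tokens[i - 1] == "!" else "") + tokens[i + 1]
    return None

def lint(dump, lan_if=LAN_IF, wan_if=WAN_IF, squid_port=SQUID_PORT):
    """Return a list of findings; an empty list means all three checks passed."""
    policies, rules = parse_dump(dump)
    findings = []
    if policies.get(("filter", "INPUT")) != "DROP":
        findings.append("INPUT policy is not DROP; port %s is reachable from %s" % (squid_port, wan_if))
    for table, t in rules:
        chain, target = t[1], _opt(t, "-j")
        if (table, chain, target) == ("nat", "PREROUTING", "REDIRECT") \
                and _opt(t, "--to-ports") == squid_port and _opt(t, "-i") != lan_if:
            findings.append("REDIRECT to Squid is not limited to -i %s" % lan_if)
        if (table, chain, target) == ("filter", "INPUT", "ACCEPT"):
            iface, dport, state = _opt(t, "-i"), _opt(t, "--dport"), _opt(t, "--state")
            if iface in (None, wan_if) and dport in (None, squid_port) \
                    and "ESTABLISHED" not in (state or ""):
                findings.append("INPUT accepts new WAN traffic to Squid: " + " ".join(t))
    return findings
```

Feed it the real output of `iptables-save` on the gateway; the constructed sample yields exactly one finding, the missing DROP policy, while the rules themselves pass.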
pkuleshwar_bit, I think this would work for an iptables firewall, but not for a Cisco PIX. This link explains the process in more detail.