Trying to setup a Proxy server - on local machine
Hello,
I have a machine which connects directly to internet using ADSL Modem. Operating System is Fedora Core 2. I want to setup a squid proxy server to test certain scenarios for a bug-fix I am working on. Squid version in my system is Version 2.5.STABLE6.

Following is my squid configuration:
----
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
client_netmask 255.255.255.0
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl intranet src 192.168.1.0/24
cache_dir null /tmp
http_access allow intranet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
icp_access allow all
visible_hostname goofy.goofy.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
---
With this configuration, I am able to Proxy + Cache the requests when Browser is set to goofy.goofy.com:3128 ( My local machine, that is the same machine).

But my problem is, I am able to directly connect to Internet also. BOTH are working!

I want the connection to Internet happen only through Proxy. I don't want Direct Internet connection to work. How do I do that?

I also tried the suggestions with iptables mentioned here:
http://www.cyberciti.biz/tips/linux-...uid-howto.html
But that did not help.

Any suggestions?

Thanks,
Senthil
Re: Trying to setup a Proxy server - on local machine
Hello,
O.R.Senthil Kumaran wrote:
> Hello,
> I have a machine which connects directly to internet using ADSL Modem.
> Operating System is Fedora Core 2.
> I want to setup a squid proxy server to test certain scenarios for a
> bug-fix I am working on.
[...]
> With this configuration, I am able to Proxy + Cache the requests when
> Browser is set to goofy.goofy.com:3128 ( My local machine, that is the
> same machine).
>
> But my problem is, I am able to directly connect to Internet also.
> BOTH are working!

Of course.

> I want the connection to Internet happen only through Proxy. I don't
> want Direct Internet connection to work. How do I do that?

So you want squid to act as a transparent proxy for locally generated HTTP connections.

> I also tried the suggestions with iptables mentioned here:
> http://www.cyberciti.biz/tips/linux-...uid-howto.html
> But that did not help.

This page describes the setup for a transparent proxy on the gateway, not on the local host. You need iptables to redirect local outgoing HTTP connections, except those coming from the proxy itself (otherwise it'll cause an endless loop).

    iptables -t nat -A OUTPUT -p tcp --dport 80 \
      -m owner ! --uid-owner <squid> -j REDIRECT --to-port 3128

or maybe

    iptables -t nat -A OUTPUT -p tcp --dport 80 \
      -m owner ! --uid-owner <squid> -j DNAT --to goofy.goofy.com:3128

where <squid> must be replaced with the owner of the squid process. Note that neither the user nor the process may be named "squid".
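The redirect rule from the reply above, as an added shell example that is not part of the original thread: it reads the proxy account from a squid.conf (`cache_effective_user` directive), prints the rule without applying it, and checks a rule listing for the owner exemption that prevents the loop. The function names and the sample configuration and rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; nothing here touches the live firewall (rules are only printed).

# Print the account named by cache_effective_user in a squid.conf read from
# stdin. Prints nothing if the directive is absent or commented out; in that
# case read the owner from the running squid process instead.
squid_user_from_conf() {
    awk '$1 == "cache_effective_user" { u = $2 } END { if (u != "") print u }'
}

# Print the redirect for locally generated HTTP, exempting account $1 so the
# proxy's own upstream fetches are not sent back to port $2 (the loop).
redirect_rule() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    printf 'iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner %s -j REDIRECT --to-port %s\n' "$1" "$2"
}

# Read "iptables -t nat -S OUTPUT" style lines on stdin. Succeeds only if at
# least one port-80 REDIRECT exists and every one has a negated owner match.
has_loop_guard() {
    awk '/--dport 80 / && /-j REDIRECT/ {
             n++
             if ($0 !~ /! --uid-owner [^ ]+/) bad++
         }
         END { ok = (n > 0 && bad == 0); exit(ok ? 0 : 1) }'
}

# Constructed sample input (the config posted in the thread has no
# cache_effective_user line); "squid" and uid 23 are assumed values.
SAMPLE_CONF='http_port 3128
# cache_effective_user nobody
cache_effective_user squid'
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner 23 -j REDIRECT --to-ports 3128'

user=$(printf '%s\n' "$SAMPLE_CONF" | squid_user_from_conf)
redirect_rule "$user" 3128
if printf '%s\n' "$SAMPLE_RULES" | has_loop_guard; then
    echo "loop guard present"
else
    echo "redirect missing or not owner-exempt"
fi
```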