How to set up a transparent proxy for Squid 3.5 via iptables?
Good afternoon. I'm just getting started with Linux systems. Ubuntu 18.04 is installed.
The task is to set up a proxy server. I configured Squid on port 3128; when the port is specified in the client, the Internet works.
Squid is installed from the repository.
One issue is that not all programs, especially console ones, work well with proxy settings.
Please help with advice on how to make these programs access the Internet.
I read about a transparent proxy, but I don't understand: in version 3.5 is it necessary to specify http_port 3128 transparent, or is it intercept now? Or does it not need to be specified at all, with everything done only through iptables ...
I read that port 80 must be forwarded to 3128. Every article describes this differently: sometimes in one command, sometimes in many commands written in a script.
I tried different options; it works, but not on all sites, and after a while the machine stops working altogether ...
Please help me figure it out.
Squid settings:
acl SSL_ports port 443 563 5190 5222 5223 6667-7000 10000
# SAFE PORTS
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 25 # smtp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 26000 # wais
acl Safe_ports port 26062 # rustserver
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl lan src 192.168.30.1-192.168.30.255
acl CONNECT method CONNECT
# Files in cgi-bin directories will not be cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# List of DNS servers (IP addresses) to use instead of those defined in /etc/resolv.conf
dns_nameservers 77.88.8.7 77.88.8.3 192.168.30.200 192.168.10.200 192.168.10.250
# Deny access to ports not in the list above
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
# opens access for the whole subnet
http_access allow lan
http_port 3128 intercept
http_port 192.168.30.1:3128 transparent
# CACHE SETTINGS
cache_mem 4096 MB
maximum_object_size 64000 KB
# Maximum size of an object kept in RAM
maximum_object_size_in_memory 512 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid 32000 16 256
coredump_dir /var/spool/squid
# Zero lifetime for dynamic content
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# TUNING HTTP HEADERS
refresh_pattern -i ^http://thumbs.ebay.com 2880 50% 43200 ignore-reload override-expire override-lastmod
refresh_pattern -i ^http://include.ebaystatic.com 2880 50% 43200 ignore-reload override-expire override-lastmod
refresh_pattern -i \.swf 2880 50% 43200 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(gif|jpeg|png|ico|zip|rar|arj|lha|lzh|cab|exe|wm[afv]|divx|avi|flv|fmv|rlv|r[ma]|mpeg|mp[234]|wav|mid|pdf|bz2|tgz|ppt|avc|klb|tar\.gz|tgz|tar\.bz2|tbz2) 2880 50% 43200 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(gif|jpe?g|png|ico|zip|rar|arj|lha|lzh|cab|exe|wm[afv]|divx|avi|r[ma]|mpe?g|mp[234]|wav|mid|pdf|bz2|tgz|ppt|avc|klb|tar\.gz|tgz|tar\.bz2|tbz2) 2880 50% 43200 override-expire override-lastmod
# LiveJournal
refresh_pattern livejournal\.com/userpic/ 3200 100% 43200 ignore-reload override-expire override-lastmod
refresh_pattern stat\.livejournal\.com/ 3200 100% 43200 ignore-reload override-expire override-lastmod
refresh_pattern userpic\.livejournal\.com/ 3200 100% 43200 ignore-reload override-expire override-lastmod
refresh_pattern pics\.livejournal\.com/ 21600 100% 43200 ignore-reload override-expire override-lastmod
# Fishki.net static content
refresh_pattern ru\.fishki\.net/ 21600 100% 43200 ignore-reload override-expire override-lastmod
refresh_pattern de\.fishki\.net/ 21600 100% 43200 ignore-reload override-expire override-lastmod
# Photofile.ru
refresh_pattern photofile\.ru/photo/ 21600 100% 43200 ignore-reload override-expire override-lastmod
refresh_pattern -i mode=attach|MessagePart|/simg/ 600000 50% 1200000
refresh_pattern -i /top100\.cnt 43200 100% 43200
refresh_pattern -i /(counter|hit|erle\.cgi|bb\.cgi)$ 43200 100% 43200
# Macromedia/Adobe Flash player
refresh_pattern macromedia.com/.*\.(cab|exe|zip)$ 43200 100% 43200
# Windows Update
refresh_pattern windowsupdate.com/.*\.(cab|exe|zip|psf)$ 43200 100% 43200
refresh_pattern download.microsoft.com/.*\.(cab|exe|zip|psf)$ 43200 100% 43200
refresh_pattern -i \.(cgi|asp|php|fcgi|rbx|rhtml) 0 20% 60
# Google
# google maps/earth/etc = min 7 days
refresh_pattern -i google\.com/(flatfile|kh|mt)\? 10080 50% 43200 ignore-reload override-expire override-lastmod
# VKontakte.ru
refresh_pattern vk.ru/.*\.(jpg|gif|flv|mp3)$ 43200 50% 43200
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern \? 0 20% 4320
refresh_pattern . 5 20% 4320
# Fast shutdown
shutdown_lifetime 1 second
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:3f:0b:b6:2b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 83.146.113.23 netmask 255.255.255.128 broadcast 83.146.113.127
inet6 fe80::280:48ff:fe28:f20c prefixlen 64 scopeid 0x20<link>
ether 00:80:48:28:f2:0c txqueuelen 1000 (Ethernet)
RX packets 1113 bytes 593624 (593.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1450 bytes 647881 (647.8 KB)
TX errors 0 dropped 0 overruns 4 carrier 0 collisions 0
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.30.1 netmask 255.255.0.0 broadcast 192.168.255.255
inet6 fe80::922b:34ff:fe33:ba32 prefixlen 64 scopeid 0x20<link>
ether 90:2b:34:33:ba:32 txqueuelen 1000 (Ethernet)
RX packets 2096 bytes 192115 (192.1 KB)
RX errors 0 dropped 193 overruns 0 frame 0
TX packets 418 bytes 116467 (116.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 1 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 342 bytes 67368 (67.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 342 bytes 67368 (67.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
In the Squid config:
http_port 192.168.30.1:3128
http_port 192.168.30.1:3129 intercept
I tried to follow the article "Creating a transparent proxy", but the iptables commands are not accepted; it complains: Bad argument `192.168.30.1'