mirror of https://github.com/tLDP/LDP
updated
This commit is contained in:
parent
e7e11790ad
commit
ad35ae7034
|
@ -4,7 +4,7 @@
|
|||
|
||||
<title>Transparent Proxy with Linux and Squid mini-HOWTO</title>
|
||||
<author>Daniel Kiracofe</author>
|
||||
<date>v1.5, May 2001</date>
|
||||
<date>v1.6, May 2001</date>
|
||||
<abstract>
|
||||
This document provides information on how to setup a transparent caching
|
||||
HTTP proxy server using only Linux and squid.
|
||||
|
@ -118,10 +118,10 @@ A cleaner solution is to get a web proxy that is aware of transparent proxying
|
|||
<sect1>
|
||||
Scope of this document
|
||||
<p>
|
||||
This document will focus on squid version 2.3 and linux kernel version
|
||||
2.4, the most current stable releases as of this writing (Jan 2001). It should
|
||||
also work with squids as early as 2.0, and most of the later 2.3 kernels.
|
||||
If you need information about earlier releases, you may find some earlier
|
||||
This document will focus on squid version 2.4 and linux kernel version
|
||||
2.4, the most current stable releases as of this writing (May 2001). It should
|
||||
also work with most of the later 2.3 kernels. If you need information about
|
||||
earlier releases of squid or linux, you may find some earlier
|
||||
documents at <htmlurl url="http://www.unxsoft.com" name="www.unxsoft.com">.
|
||||
</p>
|
||||
<p>
|
||||
|
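Review bot: The rewritten scope paragraph drops "It should also work with squids as early as 2.0" without stating what the new minimum squid version is. A reader only learns in the "Setting up squid" section that squid-2.4 is required on 2.4 kernels, so state the minimum here as well. The replacement sentence "It should also work with most of the later 2.3 kernels" is also hard to act on; name the earliest 2.3 kernel known to work, or say that this was not tested.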
@ -195,11 +195,14 @@ Setting up squid
|
|||
Now, we need to get squid up and running. Download the latest source tarball
|
||||
from <htmlurl url="http://www.squid-cache.org" name="www.squid-cache.org">.
|
||||
Make sure you get a STABLE version, not a DEVEL version.
|
||||
The latest as of this writing was squid-2.3.STABLE4.tar.gz.
|
||||
The latest as of this writing was squid-2.4.STABLE1.tar.gz. Note that AFAIK, you must have squid-2.4 for linux kernel 2.4. The reason is that the
|
||||
mechanism by which the process determines the original destination address
|
||||
has changed from linux 2.2, and only squid-2.4 has this new code in it. (For those of you who are interested, previously the getsockname() call was hacked to provide the original destination address, but now the call is getsockopt() with a level of SOL_IP and an option of SO_ORIGINAL_DST).
|
||||
</p>
|
||||
<p>
|
||||
Now, untar and gunzip the archive (use ``tar -xzf <filename>'').
|
||||
Run the autoconfiguration script (``./configure''), compile (``make'') and
|
||||
Run the autoconfiguration script and tell it to include netfilter code
|
||||
(``./configure --enable-linux-netfilter''), compile (``make'') and
|
||||
then install (``make install'').
|
||||
</p>
|
||||
<p>
|
||||
|
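Review bot: The added requirement "Note that AFAIK, you must have squid-2.4 for linux kernel 2.4" is hedged with "AFAIK" even though the next sentences give a concrete reason (the move from a hacked getsockname() to getsockopt() with SOL_IP and SO_ORIGINAL_DST). Drop the hedge or say what was actually tested. The new configure step says only "include netfilter code"; say explicitly whether --enable-linux-netfilter is what enables the SO_ORIGINAL_DST lookup, and what a reader sees if squid is built without it. The two added lines are also far longer than the wrapped lines around them and should be re-wrapped.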
@ -268,11 +271,10 @@ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 31
|
|||
</itemize>
|
||||
</p><p>
|
||||
You will want to add the above commands to your appropriate bootup script
|
||||
under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that,
|
||||
as far as the author can tell, this is the only command needed. 2.2 kernels
|
||||
required two extra commands in order to prevent forwarding loops. The
|
||||
author was unable to generate any loops. If anyone can generate a forwarding
|
||||
loop using this rule, please send an e-mail to drk@unxsoft.com.
|
||||
under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that
|
||||
this is the only command needed. 2.2 kernels required two extra commands
|
||||
in order to prevent forwarding loops. The infastructure of netfilter is
|
||||
much nicer, and only this command is needed.
|
||||
</p>
|
||||
|
||||
<sect>
|
||||
|
|
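Review bot: "infastructure" in the added text should be "infrastructure". The change also replaces the hedged "as far as the author can tell" and the request for loop reports with a flat "this is the only command needed", justified only by netfilter being "much nicer"; give the actual reason no forwarding loop occurs. The rule in the hunk header is in PREROUTING and matches only -i eth0, so if that is why squid's own outbound requests are not redirected back to it, say so. The unchanged context line still reads "the above commands" while the new text says "this command"; make them agree.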