gferg 2001-05-24 14:06:13 +00:00
parent e7e11790ad
commit ad35ae7034
1 changed files with 303 additions and 301 deletions


@ -4,7 +4,7 @@
<title>Transparent Proxy with Linux and Squid mini-HOWTO</title>
<author>Daniel Kiracofe</author>
<date>v1.5, May 2001</date>
<date>v1.6, May 2001</date>
<abstract>
This document provides information on how to setup a transparent caching
HTTP proxy server using only Linux and squid.
@ -118,10 +118,10 @@ A cleaner solution is to get a web proxy that is aware of transparent proxying
<sect1>
Scope of this document
<p>
This document will focus on squid version 2.3 and linux kernel version
2.4, the most current stable releases as of this writing (Jan 2001). It should
also work with squids as early as 2.0, and most of the later 2.3 kernels.
If you need information about earlier releases, you may find some earlier
This document will focus on squid version 2.4 and linux kernel version
2.4, the most current stable releases as of this writing (May 2001). It should
also work with most of the later 2.3 kernels. If you need information about
earlier releases of squid or linux, you may find some earlier
documents at <htmlurl url="http://www.unxsoft.com" name="www.unxsoft.com">.
</p>
<p>
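Review bot: The rewritten scope paragraph drops "squids as early as 2.0" without saying that older squid releases are now unsupported on this kernel; it only says the document "will focus on squid version 2.4". The Setting up squid hunk in this same commit says squid-2.4 is required for kernel 2.4, so state that requirement here too, where readers decide whether the document applies to them. While touching these lines, "linux" could be capitalised as it is in the title.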
@ -195,11 +195,14 @@ Setting up squid
Now, we need to get squid up and running. Download the latest source tarball
from <htmlurl url="http://www.squid-cache.org" name="www.squid-cache.org">.
Make sure you get a STABLE version, not a DEVEL version.
The latest as of this writing was squid-2.3.STABLE4.tar.gz.
The latest as of this writing was squid-2.4.STABLE1.tar.gz. Note that AFAIK, you must have squid-2.4 for linux kernel 2.4. The reason is that the
mechanism by which the process determines the original destination address
has changed from linux 2.2, and only squid-2.4 has this new code in it. (For those of you who are interested, previously the getsockname() call was hacked to provide the original destination address, but now the call is getsockopt() with a level of SOL_IP and an option of SO_ORIGINAL_DST).
</p>
<p>
Now, untar and gunzip the archive (use ``tar -xzf &lt;filename&gt;'').
Run the autoconfiguration script (``./configure''), compile (``make'') and
Run the autoconfiguration script and tell it to include netfilter code
(``./configure --enable-linux-netfilter''), compile (``make'') and
then install (``make install'').
</p>
<p>
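Review bot: The new requirement is hedged with "AFAIK" in "Note that AFAIK, you must have squid-2.4 for linux kernel 2.4", which leaves the reader unable to tell whether an older squid fails outright or was simply not tested. State the requirement plainly, or say which combination was tested. The text should also tie the "--enable-linux-netfilter" flag to the getsockopt() SOL_IP / SO_ORIGINAL_DST lookup described in the parenthesis, since the two are introduced in separate paragraphs and the connection is only implied by "include netfilter code". The two added lines carrying this text are unwrapped, unlike the rest of the file.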
@ -268,11 +271,10 @@ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 31
</itemize>
</p><p>
You will want to add the above commands to your appropriate bootup script
under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that,
as far as the author can tell, this is the only command needed. 2.2 kernels
required two extra commands in order to prevent forwarding loops. The
author was unable to generate any loops. If anyone can generate a forwarding
loop using this rule, please send an e-mail to drk@unxsoft.com.
under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that
this is the only command needed. 2.2 kernels required two extra commands
in order to prevent forwarding loops. The infastructure of netfilter is
much nicer, and only this command is needed.
</p>
<sect>
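Review bot: The replacement text removes the author's hedged statement about forwarding loops and the request for loop reports, and substitutes "The infastructure of netfilter is much nicer", which asserts the result without giving the reason. Explain why the single rule is enough, for example by pointing at the "-t nat -A PREROUTING -i eth0" match in the command above, so readers who change the interface or chain know what keeps the rule loop-free. Also fix the typo "infastructure" and drop one of the two occurrences of "only this command is needed" / "this is the only command needed".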