[ILUG] setting up a transparent squid proxy.

Pedro Jurado ped.jurado at gmail.com
Thu Jan 3 19:28:40 GMT 2008


You might need something more like ebtables and two network cards.

The idea is simple: make the Linux box act like a bridge at
level 2 of the OSI model (or Link in TCP/IP, I think) and in promiscuous
mode, so this computer is "invisible" to the rest of the network.
That's the reason to use ebtables instead of iptables: ebtables routes at
level 2 while iptables only works at level 3, and you need to "send"
the frames to squid.

Better if someone with more understandable English explains the process:
http://freshmeat.net/articles/view/1433/

The physical position of your computer must be just between your
network and your router and be sure there is not any other physical
route to access the router.


Network                        Bridge
192.168.2.0/24 ---------> Networkcard 1 (PC)
                          Networkcard 2 ---------> Router (192.168.2.6)

Good luck


2008/1/3, Darragh <d at digitaldarragh.com>:
> Hello there,
>
> I'm trying to get my head around something at the moment and I'm hoping
> someone can possibly shed some light on my thoughts here.
>
> I want to set up a transparent proxy.  It's actually something I'm going
> to have to replicate in work to a larger extent and I want to learn how to
> do it here first where it's not going to cause any down time.
>
> I think I have the squid.conf file configured enough to give me the
> feedback I'll need when I get traffic directed through it but I'm having a
> bit of a problem understanding exactly how I go about directing traffic to
> that machine.
>
> The setup here is as follows:
> machine on 192.168.2.6 is acting as the dhcp server.
> I want this machine to also act as the squid server.
> It has only one ethernet interface of relevance here.
>
> So basically, I need to determine a way of sending all traffic to that
> machine without configuring any proxy on the client side.
>
> The router that I'm using doesn't seem to have any decent internal port
> forwarding capability if any at all so it looks like I need to use the
> same box to handle this as well.
>
> Is this at all possible?
>
> I was thinking that if I set the gateway to 192.168.2.5 i.e. the linux box
> instead of the router at 192.168.2.1 perhaps I could get all traffic
> directed through that machine and use another package to handle that.
>
> Any suggestions welcome.
>
> I'm using OpenSuSE 10.3.
>
> Thanks
>
>
> Darragh
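
The bridge-plus-ebtables setup described in the reply above, as an added example that is not part of the original thread: a dry-run script that prints the commands and only applies them when APPLY=1 is set. The interface names eth0/eth1, the bridge name br0, the bridge address and Squid port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: Squid interception on a two-card Linux bridge.
# Assumed names (not from the thread): eth0 faces the clients, eth1 faces
# the router, bridge br0, Squid on local port 3128 in transparent mode.

# run CMD...: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# setup_bridge_proxy LAN_IF WAN_IF BRIDGE_CIDR SQUID_PORT
setup_bridge_proxy() {
    [ $# -eq 4 ] || { echo "need: LAN_IF WAN_IF BRIDGE_CIDR SQUID_PORT" >&2; return 2; }
    lan_if=$1 wan_if=$2 br_cidr=$3 squid_port=$4
    [ "$lan_if" != "$wan_if" ] || { echo "two distinct cards required" >&2; return 2; }
    valid_port "$squid_port" || { echo "bad Squid port: $squid_port" >&2; return 2; }

    # Layer 2: enslave both cards to one bridge so frames pass straight through.
    run ip link add name br0 type bridge
    run ip link set dev "$lan_if" master br0
    run ip link set dev "$wan_if" master br0
    run ip link set dev "$lan_if" up
    run ip link set dev "$wan_if" up
    # The bridge needs an address only so the local Squid can be reached.
    run ip addr add "$br_cidr" dev br0
    run ip link set dev br0 up

    # ebtables (layer 2): rewrite the destination MAC of client TCP/80 frames
    # to this machine's own, so they climb to layer 3 instead of being bridged.
    run ebtables -t broute -A BROUTING -i "$lan_if" -p IPv4 --ip-protocol 6 \
        --ip-destination-port 80 -j redirect --redirect-target ACCEPT

    # iptables (layer 3): hand those packets to Squid on this machine.
    run iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
        -j REDIRECT --to-port "$squid_port"
}

# Dry run: prints the nine commands without touching the network.
# 192.168.2.5/24 is a sample bridge address, not a value to copy blindly.
setup_bridge_proxy eth0 eth1 192.168.2.5/24 3128
```

Only TCP port 80 from the client-side card is diverted; every other frame is still bridged untouched, so the box stays out of the path for non-HTTP traffic.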


