Transparent Web Caching using the Squid Proxy (10.x)

Post by jono » 30 Apr 2008, 13:23

This How-to applies to:
  • Clavister CorePlus 8.x, 9.x
  • Clavister cOS Core 10.x

Setting up Clavister Security Gateway

We use three interfaces: Lan, Wan and Dmz.
The Lan network is 192.168.0.0/24.
The Dmz network is 172.16.0.0/24.
The Wan interface is set up according to the ISP's specifications (wan_ip, wan_net and wan_gw).

The Squid Proxy server has IP address 172.16.0.2 and is connected to the Dmz interface.

Setting up the IP Rules
Set up a SAT IP Rule that forwards all traffic going to all-nets (0.0.0.0/0) on TCP port 80 to the Squid Proxy server at IP address 172.16.0.2. The rule also translates the destination port from 80 to the new destination port 3128.
A NAT rule is also needed for the traffic from the Squid proxy to the public internet.

1. SAT lan lan_net wan all-nets HTTP SetDestination=172.16.0.2 NewPort=3128
2. Allow lan lan_net wan all-nets HTTP
3. NAT dmz 172.16.0.2 wan all-nets HTTP

Squid

To run Squid in transparent mode, you need to enable the following in squid.conf:

    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_host virtual
    httpd_accel_uses_host_header on

Squid does not need to know how requests arrive at its listening port (default: 3128). Squid sees a request for a URL and connects to port 80 on the server where it thinks the URL resides. Note that Squid has no control over what types of requests arrive at it, so try to forward only the protocols it can handle.
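
The following is an added example, not part of the original post: a small Python check that a squid.conf contains the four transparent-mode directives listed above and that Squid listens on the port used as NewPort in SAT rule 1. The function names, the constructed sample config and the "last occurrence wins" handling of repeated directives are assumptions made for this example.

```python
# Added example: verify a squid.conf against the settings in this how-to.
REQUIRED = {
    "httpd_accel_port": "80",
    "httpd_accel_with_proxy": "on",
    "httpd_accel_host": "virtual",
    "httpd_accel_uses_host_header": "on",
}
SAT_NEW_PORT = 3128  # NewPort in SAT rule 1 of this how-to

# Constructed sample with three deliberate mistakes.
SAMPLE = """\
http_port 8080                 # does not match the SAT rule's NewPort
httpd_accel_port 80
httpd_accel_with_proxy off     # wrong value
httpd_accel_host virtual
# httpd_accel_uses_host_header on   (commented out, so it is missing)
"""

def parse_directives(text):
    """Return {directive: [value, ...]}, ignoring comments and blank lines."""
    found = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            found.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def listening_ports(directives):
    """Ports from http_port lines; Squid's default 3128 if none are set."""
    ports = []
    for value in directives.get("http_port", []):
        if value:
            addr = value.split()[0]                     # drop options after the port
            ports.append(int(addr.rsplit(":", 1)[-1]))  # accept host:port form
    return ports or [3128]

def check_transparent(text, sat_port=SAT_NEW_PORT):
    """Return a list of problems; an empty list means the config matches."""
    d = parse_directives(text)
    problems = []
    for name, want in REQUIRED.items():
        got = d.get(name)
        if got is None:
            problems.append(f"{name} is missing (expected '{want}')")
        elif got[-1] != want:  # assumption: the last occurrence is the effective one
            problems.append(f"{name} is '{got[-1]}' (expected '{want}')")
    if sat_port not in listening_ports(d):
        problems.append(f"no http_port on {sat_port}, the SAT rule's NewPort")
    return problems

if __name__ == "__main__":
    print("\n".join(check_transparent(SAMPLE)) or "config matches the how-to")
```

The `httpd_accel_*` directives were replaced in Squid 2.6 and later by an option on `http_port`, so this check applies only to Squid releases that still accept them.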
