Re: adzapper help needed
On Mon, 28 Mar 2011 12:22:49 -0600
Paul E Condon <pecondon@mesanetworks.net> wrote:
>
> I think that one must do something to redirect the browser unless one
> configures the proxy to be a 'transparent' proxy, that is configue it
> to listen on port 80. But ... the adzapper docs make no mention of how
> to do this either. The docs did, in the past, give a default port
> number and advice on how to set up transparency. Adzapper, as packaged
> for Squeeze, does not make squid listen on port 80.
>
>
Is that all you need? I run apache on the same box, so I don't want
to muck about with 80. Redirection is an iptables rule:
iptables -t nat -A PREROUTING -p tcp -i $LanIF --dport 80 -j REDIRECT
--to-port 3128
That's with squid on the default 3128 and LanIF being the local
interface of a two-NIC firewall/server. You need an OUTPUT rule
permitting 80, as you would have normally if you don't already let
everything out.
My squid.conf is pretty close to default, with:
http_port 3128
replaced by :
http_port 3128 transparent
and this line uncommented:
http_access allow localnet
and the full private address ranges replaced with those I actually use
in the acl localnet definitions. I would assume the 'transparent' is
the only change you need to an already working squid.
As usual, this was set up a long time ago (probably on sarge) so I
can't swear that's everything, but my iptables.rules certainly contains
no other references to 3128. And from the size of the squid logs, it's
definitely working...
I don't do anything clever with apache, that runs on 80 so squid
processes the requests to that as well. And there's absolutely nothing
done to any of the large range of browsers and operating systems which
use the network from time to time, including Safari on Mac laptops.
--
Joe
Reply to: