On 11/18/06, gabrix <gabrix@xxxxxxxxxxxxx> wrote:
[my transparent squid proxy isn't working]
try the following:
squid: make sure these elements are in your squid.conf
---cut---
httpd_accel_port 3128
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_peer localhost parent 8118 7 no-query default
header_access Via deny all
header_access From deny all
forwarded_for off
--end-cut---
privoxy: note that the cache_peer in squid config refers to SOCKS
proxy in privoxy config.
---cut---
listen-address 127.0.0.1:8118
forward-socks4a / 127.0.0.1:9050 .
--end-cut---
tor: note that 9050 is the SOCKS proxy port for Tor.
iptables:
INTF=eth1 # internal network interface
ONTF=eth0 # external default route / public interface
---cut---
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT
--to 3128
---end-cut---
note that you'll want additional firewall / filter rules, and also
that DNS leaks may be present. you will have to transparently proxy
DNS via dns-proxy-tor or equivalent to avoid this, and the following
filter rules can be used for transparent DNS proxy:
---cut---
$IPTABLES -t nat -A PREROUTING -i $INTIF -p udp --dport 53 -j REDIRECT
--to 65533
--end-cut--
where 65533 is where dns-proxy-tor is listening.
TOR=9001,9030,9031,9050,9090,9091
SQUID_PORT=3128