You need the following in your squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
and a rule something like this for ipchains:
ipchains -A input -j REDIRECT 3128 -s 192.168.x.0/24 -d any/0 80 -p tcp
(replace 192.168.x.0/24) with valid internal network.
My stupid mistake was to put this rule after the -j ACCEPT for all
internal networks so it never hit the rule. Oh well, at least it's
working now.
You'll also have to recompile the kernel with CONFIG_IP_TRANSPARENT_PROXY
on. This requires turning on the experimental switch.
Martin.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
