Having problems with message search?
Setting up squid
Make sure you get a STABLE version, not a DEVEL version. The latest as of this writing was squid-2.4.STABLE4.tar.gz. Note that AFAIK, you must have squid-2.4 for linux kernel 2.4. The reason is that the mechanism by which the process determines the original destination address has changed from linux 2.2, and only squid-2.4 has this new code in it. (For those of you who are interested, previously the getsockname() call was hacked to provide the original destination address, but now the call is getsockopt() with a level of SOL_IP and an option of SO_ORIGINAL_DST).
Now, untar and gunzip the archive (use ``tar -xzf <filename>''). Run the autoconfiguration script and tell it to include netfilter code (``./configure --enable-linux-netfilter''), compile (``make'') and then install (``make
install'').
Now, we need to edit the default squid.conf file (installed to /usr/local/squid/etc/squid.conf, unless you changed the defaults). The squid.conf file is heavily commented. In fact, some of the best documentation available for squid is in the squid.conf file. After you get it all up and running, you should go back and reread the whole thing. But for now, let's just get the minimum required. Find the following directives, uncomment them, and change them to the appropriate values:
- httpd_accel_host virtual
- httpd_accel_port 80
- httpd_accel_with_proxy on
- httpd_accel_uses_host_header on
Next, look at the cache_effective_user and cache_effective_group directives. Unless the default nobody/nogroup has been created on your system (AFAIK, it is not created out of the box on many popular distributions, including RH7.1), you'll either
need to create those, or create another username/group for squid to run under. I strongly recommend that you create a username/group of squid/squid and run under that, but you could use any existing user/group if you want.
Finally, look at the http_access directive. The default is usually ``http_access deny all''. This will prevent anyone from accessing squid. For now, you can change this to ``http_access allow all'', but once it is working, you will probably want to read the directions on ACLs (Access Control Lists), and setup the cache such that only people on your local network (or whatever) can access the cache. This may seem silly, but you should put some kind of restrictions on access to your cache. People behind filtering firewalls (such as porn filters, or filters in nations where speech is not very free) often ``hijack'' onto wide open proxies and eat up your bandwidth.
Initialize the cache directories with ``squid -z'' (if this is a not a new installation of squid, you should skip this step).
Now, run squid using the RunCache script in the /usr/local/squid/bin/ directory. If it works, you should be able to set your web browser's proxy settings to the IP of the box and port 3128 (unless you changed the default port number) and access squid as a normal proxy
Setting up iptables (Netfilter)
To set up the rules, you will need to know two things, the interface that the to-be-proxied requests are coming in on (I'll use eth0 as an example) and the port squid is running on (I'll use the default of 3128 as an example).
Now, the magic words for transparent proxying:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
You will want to add the above commands to your appropriate bootup script under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that this is the only command needed. 2.2 kernels required two extra commands in order to prevent forwarding loops. The infastructure of netfilter is much nicer, and only this command is needed.
All new Yahoo! Mail -
Get a sneak peak at messages with a handy reading pane.
Offline 
Send Email