Roberto, what is the size of this FS?
I can see that you use 8000.
cache_dir ufs /var/spool/squid 8000 16 256
Documentation states that you have to subtract 20% from total space available for cache.
The wiki points out that 10% should be left for OS accounting structures.
One way or another, it is safe to leave some free space!
I am not sure, but please take a look with this checklist:
Edit the squid.conf file and change the following line to enable transparent proxy mode:
http_port 3128
to
http_port 3128 intercept
Then
service squid restart
service squid reload
Add an entry to the iptables NAT table to port-forward inbound traffic on the inside interface (LAN side) to the Squid server on port 3128 (assuming eth0 is the inside interface with the IP address 192.168.1.3):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.3:3128
Now you can look at your iptables, default filter table, and NAT table, using the following commands:
iptables -L -t filter
iptables -L -t nat
Now you can add (append) to the iptables filter table with the following command, to accept input on port 3128 for Squid:
iptables -t filter -A INPUT -p tcp --dport 3128 -j ACCEPT
Also try this:
You need both one 'intercept' and one 'forward proxy' port in config, even if you don't use forward proxy:
http_port 3129
http_port 3128 intercept
Note: The transparent option has been deprecated by intercept option since 2010.
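A quick way to check a squid.conf against the advice in the post above (one intercept port plus one plain forward port, and no deprecated transparent flag). This is an added example, not part of the original post; the function name check_http_ports and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify http_port directives in a squid.conf read from stdin.
# Only the two mode flags named on this page (intercept, transparent) are
# recognised; any other http_port line is counted as a plain forward port.
# Returns 0 only when the config follows the advice in the post above.
check_http_ports() {
    awk '
        $1 == "http_port" {
            mode = "forward"
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break            # trailing comment: stop parsing
                if ($i == "intercept")   mode = "intercept"
                if ($i == "transparent") mode = "transparent"
            }
            count[mode]++
            printf "%s port %s (line %d)\n", mode, $2, NR
        }
        END {
            rc = 0
            if (count["transparent"] > 0) {
                print "WARN: transparent is deprecated, use intercept"; rc = 1
            }
            if (count["intercept"] + count["transparent"] == 0) {
                print "WARN: no intercept port configured"; rc = 1
            }
            if (count["forward"] == 0) {
                print "WARN: no plain forward-proxy port configured"; rc = 1
            }
            exit rc
        }
    '
}

# Constructed sample: the single-port config from the checklist above.
check_http_ports <<'EOF' || echo "squid.conf needs attention"
# constructed sample input
http_port 3128 intercept
EOF
```

Against a real file, run it as: check_http_ports < /etc/squid/squid.conf (the path is an assumption; use wherever your squid.conf lives).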
Best Answer
There are different ways of achieving this.
iptables in the proxy server that will block outgoing connections to port 80/443 for the local LAN, so that the users won't be able to use the internet without using the proxy.
route command so that the packets are routed to the right gateway to reach the other network.
The problem is in your setup: you are using the proxy server as gateway, which is actually not a router; as you have said, it has only one ethernet interface. So you should consider configuring your LAN so that the computers are configured with the correct/actual gateway address. This way they will be able to reach other networks without going through the proxy server. A proxy server doesn't need to be the default gateway to work properly.