
It's that time of year again, and I'm working on setting up a temporary CentOS box to act as a proxy for SOME websites (not all) in our corporate environment Monday morning (Ok, Sunday is April 1st, but Monday is close enough, right?)!

I've never used Squid before, but my IT Director and I believe this is a worthy scenario to use it. The goal: flip images of SOME websites upside down within our corporate environment.

Per This Ubuntu How-to, I have installed Squid, Apache, and ImageMagick onto a fresh base install of CentOS 6.

I've copied and pasted the contents of flip.pl into /usr/local/bin and verified all file permissions. I then went into our Windows DNS server and added my own personal website (for testing purposes) to get those requests sent to the new proxy server.

Squid is running on its default port of 3128, and Apache is running on its default port of 80. Since DNS (for the test URL) is set to point to this CentOS box, I've edited its own /etc/hosts to point the URL to the correct IP address so that Squid & Apache can get the content.

So now I'm to the testing phase. I'm going to the website testurl.com:3128, and it... times out. We will use the router's IP Tables to redirect traffic on the day of, but for now, I am just using the browser's URL to identify Squid's port, as you can see here.

I've verified (when I ping it) that it hits the CentOS box running Squid/Apache. I've also verified that there's a rule in this box's IP Tables to allow port 3128 and port 80:

[root@centos6 squid]# cat /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT

I do see this in Squid's cache log:

2012/03/30 16:33:26| WARNING: Forwarding loop detected for: GET / HTTP/1.1^M Host: www.my-test-url.com:3128

What do you suppose I am doing wrong or missing? Any ideas how we can accomplish this?

David W

1 Answer

You want to set up a transparent proxy where your firewall is redirecting requests to the Squid server.

Jeff Ferland
  • Ah, so on this same box, I would enter in the IP Tables commands found in ex-parrot.com/~pete/upside-down-ternet.html and the Ubuntu guide I linked to earlier? I've already set up Squid to operate with the "transparent" directive. – David W Mar 30 '12 at 20:59
  • Yup. If you tell it to be transparent and point the client at it, it won't work. That's what you did, and it resulted in the server trying to get a page from itself, which meant it tried to get a page from itself, which meant... If you tell it to be normal and don't point the client at it, it won't work. Since your clients won't reconfigure, you need to use firewall rules to put the proxy in the middle of the connection. – Jeff Ferland Mar 30 '12 at 23:03
  • Gotcha. Makes perfect sense. We'll plan to point folks to the proxy server via internal DNS for the sites we want to manipulate instead of messing with the routers in this case, and then just update the firewall / IP Tables settings on this actual box. Thanks again! I'll let you know how it goes. :) – David W Mar 31 '12 at 00:45
  • I'm marking this one as the accepted answer, because in theory, everything was working great... until I got a really nasty head cold and couldn't finish it up in time. After a week or two, I went in and removed the VM entirely as we obviously didn't have a need for it. Thanks for your help, I appreciate it. It was a fun project while it lasted. – David W Apr 22 '12 at 03:30
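
A small triage script for the warning quoted in the question, added here as an example and not part of the original question or answer: it pulls the Host header out of each "Forwarding loop detected" entry in Squid's cache log and reports the two conditions the answer describes. The sample log, the 192.0.2.10 address and the name map are constructed assumptions.

```python
import re

STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\|")
HOST = re.compile(r"(?:^|\s)Host:\s*([A-Za-z0-9.-]+)(?::(\d+))?", re.I)

# Constructed sample. Entry 1 is laid out with the request on separate lines;
# entry 2 is the flattened one-line form quoted in the question.
SAMPLE_LOG = """\
2012/03/30 16:33:26| WARNING: Forwarding loop detected for:
GET / HTTP/1.1
Host: www.my-test-url.com:3128
2012/03/30 16:34:02| WARNING: Forwarding loop detected for: GET /a.png HTTP/1.1^M Host: www.my-test-url.com
"""
PROXY_PORT = 3128                               # Squid's port in the question
PROXY_IPS = {"192.0.2.10"}                      # assumed address of the proxy box
NAMES = {"www.my-test-url.com": "192.0.2.10"}   # assumed view of internal DNS


def loop_requests(log_text):
    """Return (host, port) for every 'Forwarding loop detected' entry."""
    found, pending = [], False
    for line in log_text.splitlines():
        if STAMP.match(line):               # a new log entry starts here
            pending = "Forwarding loop detected" in line
        if pending:
            m = HOST.search(line)
            if m:
                # No port in the Host header means plain HTTP on port 80.
                found.append((m.group(1).lower(), int(m.group(2) or 80)))
                pending = False
    return found


def diagnose(host, port, proxy_port=PROXY_PORT, proxy_ips=PROXY_IPS, resolve=NAMES.get):
    """List the reasons this request leads the proxy back to itself."""
    reasons = []
    if port == proxy_port:
        reasons.append("client addressed the proxy port directly")
    if resolve(host) in proxy_ips:
        reasons.append("name resolves to the proxy")
    return reasons


if __name__ == "__main__":
    for host, port in loop_requests(SAMPLE_LOG):
        print(f"{host}:{port} ->", "; ".join(diagnose(host, port)) or "no cause found")
```

On a live box, pass `resolve=socket.gethostbyname` and the proxy's real addresses in place of the constructed map.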