I want to build a transparent squid proxy for home to play around with wccp configs. First step is to get a working squid proxy:
cd ~
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.4.tar.gz
tar zxf squid-3.1.4.tar.gz
cd squid-3.1.4
sudo ./configure –prefix=/usr –localstatedir=/var –libexecdir=/usr/lib/squid –srcdir=. –datadir=/usr/share/squid –sysconfdir=/etc/squid –with-logdir=/var/log –with-pidfile=/var/run/squid.pid –enable-wccp
make
make install
cd /etc/squid
sudo vi squid.conf
squid.conf:
http_port 3128
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp:Â Â Â Â Â Â Â Â Â Â 1440Â Â Â 20%Â Â Â Â 10080
refresh_pattern ^gopher:Â Â Â Â Â Â Â 1440Â Â Â 0%Â Â Â Â Â 1440
refresh_pattern -i (/cgi-bin/|\?) 0Â Â Â Â 0%Â Â Â Â Â 0
refresh_pattern .              0      20%    4320
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8Â Â Â Â # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12Â # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80Â Â Â Â Â Â Â Â Â # http
acl Safe_ports port 21Â Â Â Â Â Â Â Â Â # ftp
acl Safe_ports port 443Â Â Â Â Â Â Â Â # https
acl Safe_ports port 70Â Â Â Â Â Â Â Â Â # gopher
acl Safe_ports port 210Â Â Â Â Â Â Â Â # wais
acl Safe_ports port 1025-65535Â # unregistered ports
acl Safe_ports port 280Â Â Â Â Â Â Â Â # http-mgmt
acl Safe_ports port 488Â Â Â Â Â Â Â Â # gss-http
acl Safe_ports port 591Â Â Â Â Â Â Â Â # filemaker
acl Safe_ports port 777Â Â Â Â Â Â Â Â # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
start squid with: sudo squid -z
check it is running: ps -el | grep squid
Check the access log: cat /etc/access.log
Next step is getting WCCP configured:
http://wiki.squid-cache.org/Features/Wccp & http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
