“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 611 — #637
Configuration Options in /etc/squid/squid.conf
The options to activate in the /etc/squid/squid.conf file to get the
transparent proxy up and running are:
httpd_accel_host virtual
httpd_accel_port 80 # the port number where the actual HTTP server is located
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Firewall Configuration with SuSEfirewall2
Now use a port forwarding rule to redirect all incoming requests via the
firewall to the Squid port. To do this, use the enclosed tool
SuSEfirewall2. Its configuration file is /etc/sysconfig/SuSEfirewall2 and
consists of well-documented entries. Even to set up only a transparent
proxy, you must configure some firewall options:
Device pointing to the Internet: FW_DEV_EXT="eth1"
Device pointing to the network: FW_DEV_INT="eth0"
Set the ports and services (see /etc/services) on the firewall that may be
accessed from untrusted networks such as the Internet. In this example,
only web services are offered to the outside:
FW_SERVICES_EXT_TCP="www"
Define the ports or services (see /etc/services) on the firewall that may
be accessed from the secure network, both TCP and UDP services:
FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
This allows access to web services and to Squid (whose default port is 3128).
The service “domain” stands for DNS (domain name service). This service
is commonly used. If you do not use it, simply take it out of the above
entries and set the following option to no:
FW_SERVICE_DNS="yes"
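The following script is an added example, not part of the original manual. It checks a SuSEfirewall2 file against the settings described above: the Squid port must be reachable from the internal network only, and FW_SERVICE_DNS must agree with the "domain" entries. The function names, the SQUID_PORT variable and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Values are parsed with sed, never sourced, so the audited file is not executed.
SQUID_PORT=3128   # Squid default port named in the text above

get_var() {   # get_var NAME FILE -> last assigned value, surrounding quotes stripped
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$2" | tail -n 1
}

has_word() {  # has_word WORD LIST -> true if WORD is one whitespace-separated item
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

audit_fw() {  # prints one line per finding, nothing if the file matches the text
    f=$1
    ext_dev=$(get_var FW_DEV_EXT "$f")
    int_dev=$(get_var FW_DEV_INT "$f")
    ext_tcp=$(get_var FW_SERVICES_EXT_TCP "$f")
    int_tcp=$(get_var FW_SERVICES_INT_TCP "$f")
    int_udp=$(get_var FW_SERVICES_INT_UDP "$f")
    dns=$(get_var FW_SERVICE_DNS "$f")
    if [ -z "$ext_dev" ] || [ "$ext_dev" = "$int_dev" ]; then
        echo "DEV: FW_DEV_EXT is unset or equals FW_DEV_INT"
    fi
    if has_word "$SQUID_PORT" "$ext_tcp"; then
        echo "EXT: Squid port $SQUID_PORT is open to untrusted networks (open proxy)"
    fi
    if ! has_word "$SQUID_PORT" "$int_tcp"; then
        echo "INT: Squid port $SQUID_PORT is missing from FW_SERVICES_INT_TCP"
    fi
    if ! has_word domain "$int_tcp $int_udp" && has_word yes "$dns"; then
        echo "DNS: 'domain' not in internal services but FW_SERVICE_DNS is yes"
    fi
    return 0
}

# Constructed sample with two deviations: 3128 exposed externally, DNS mismatch.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_SERVICES_EXT_TCP="www 3128"
FW_SERVICES_INT_TCP="www 3128"
FW_SERVICES_INT_UDP=""
FW_SERVICE_DNS="yes"
EOF
audit_fw "$sample"
rm -f "$sample"
```

To check a live system, call audit_fw /etc/sysconfig/SuSEfirewall2 in place of the sample file.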
611 SUSE LINUX Enterprise Server










