
Squid setup

Discussion in 'Tomato Firmware' started by smti, Dec 27, 2007.

  1. smti

    smti Guest

    Hello,

    Has anyone successfully got Squid working with/on Tomato? I've set up a dedicated Linux box with squid installed, but I can't seem to forward port 80 traffic from my router (running tomato) to my Squid box. I thought I could simply set up a port forward to accomplish this, but it does not seem to work. Any ideas? Would it be possible to install squid right on the router via SSH?

    (I want to monitor/block web traffic of my users.)

    Any pointers would be greatly appreciated!

    Thanks,

    smti
     
  2. i1135t

    i1135t Network Guru Member

    I don't think anyone has, but now that Thor's mod allows optware, I was wondering if it's now possible to install an optware squid package, if available. I've looked around and cannot find one anywhere.
     
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I helped someone set up their Tomato router to forward all port 80 requests to a squid server on the LAN (like what you have) some time ago. I'll see if I can dig up the thread.
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Found it

    Make sure you read all the way through; my first suggestion was not complete.

    EDIT:
    In short:
    Code:
    iptables -t nat -A PREROUTING -i br0 -s <computer ip> -p tcp --dport 80 -j DNAT --to <proxy ip>:<proxy port>
    iptables -t nat -A POSTROUTING -o br0 -s <computer ip> -p tcp -d <proxy ip> -j SNAT --to `nvram get lan_ipaddr`
    iptables -t filter -I FORWARD -s <computer ip> -d <proxy ip> -i br0 -o br0 -p tcp --dport <proxy port> -j ACCEPT
    That was reported to work for redirecting a single computer. While it could be repeated for each device you want to redirect, you could also try the following (after you confirm the above works for you) to redirect traffic for all devices (except for the proxy itself):
    Code:
    iptables -t nat -A PREROUTING -i br0 -s ! <proxy ip> -p tcp --dport 80 -j DNAT --to <proxy ip>:<proxy port>
    iptables -t nat -A POSTROUTING -o br0 -s <lan subnet> -p tcp -d <proxy ip> -j SNAT --to `nvram get lan_ipaddr`
    iptables -t filter -I FORWARD -d <proxy ip> -i br0 -o br0 -p tcp --dport <proxy port> -j ACCEPT
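
Why the second (SNAT) rule is needed when the proxy sits on the same LAN as the clients, as an added example that is not part of SgtPepperKSU's post: a small Python model of the DNAT and SNAT rules above. The addresses and the proxy port 3128 are constructed sample values, and the function names are hypothetical.

```python
from typing import NamedTuple, Optional, Tuple

class Pkt(NamedTuple):
    src: str
    dst: str
    dport: int

# Constructed sample addresses (assumptions, not from the thread).
ROUTER, PROXY, PROXY_PORT = "192.168.1.1", "192.168.1.10", 3128
CLIENT, WEB = "192.168.1.50", "203.0.113.80"

def router_nat(pkt: Pkt, snat: bool = True) -> Tuple[Pkt, Optional[Pkt]]:
    """Model PREROUTING DNAT plus optional POSTROUTING SNAT on br0.

    Returns (packet as delivered, original packet kept in conntrack or None).
    """
    if pkt.src == PROXY or pkt.dport != 80:      # -s ! <proxy ip>, --dport 80
        return pkt, None                         # rule does not match
    out = pkt._replace(dst=PROXY, dport=PROXY_PORT)   # -j DNAT --to proxy:port
    if snat:
        out = out._replace(src=ROUTER)           # -j SNAT --to lan_ipaddr
    return out, pkt

def reply_source_at_client(delivered: Pkt, original: Pkt) -> str:
    """Source address the client sees on the proxy's reply."""
    if delivered.src == ROUTER:
        # Reply is addressed to the router, which reverses both translations.
        return original.dst
    # Reply is addressed to the client on the same LAN and bypasses the router,
    # so nothing rewrites the proxy's own address.
    return delivered.dst

def connection_works(snat: bool) -> bool:
    """True when the reply appears to come from the server the client contacted."""
    request = Pkt(CLIENT, WEB, 80)
    delivered, original = router_nat(request, snat)
    return reply_source_at_client(delivered, original) == request.dst

def client_seen_by_proxy(snat: bool) -> str:
    """Address the proxy would record as the client for this request."""
    return router_nat(Pkt(CLIENT, WEB, 80), snat)[0].src

if __name__ == "__main__":
    for snat in (False, True):
        print(f"snat={snat}: works={connection_works(snat)}, "
              f"proxy sees client as {client_seen_by_proxy(snat)}")
```

With the SNAT rule in place the proxy sees the router's LAN address as the source of every redirected request, which matters if the proxy's logs are meant to identify individual users.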
     
  5. i1135t

    i1135t Network Guru Member

    Thanks, but it doesn't seem to work with "srelay". I guess I will have to wait and see if SQUID will be compiled for use with tomato in the future.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Absolutely; there's no way it would work with a SOCKS proxy like Srelay. The rules are meant to work with an HTTP proxy like squid... like in smti's original post.

    But, it should work with an external squid server. There's no need to compile for the router itself (unless having a separate proxy server running all the time is unacceptable, of course).
     
  7. i1135t

    i1135t Network Guru Member

    Ok, thanks, it looks like I will have to set up an external box for my proxy and/or media center... :)
     
