transparent proxy with squid and iptables
by kedai, last modified Aug. 03, 04 12:26 PM
and using another squid as your parent. wow. here's what i did to get squid to transparently accept http requests and forward them to a squid parent. this has nothing to do with zope or python :P
set up our squid box. i've been using gibraltar, and it is a really good distro. most everything is there already.
add these lines to the squid.conf at the gibraltar box:
http_port 3128
icp_port 3130
icp_query_timeout 1500
cache_peer your.squid.parent parent 3128 3130 default no-query
now, we need to catch all requests to port 80 and redirect them to the squid port (3128):
gettanpawayer:~# iptables -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128 -t nat
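we need to get the squid parent to listen for icp queries (enable icp_port 3130) and allow icp queries (icp_access). note that the no-query option on the cache_peer line above tells the child not to send icp queries to that parent, so these settings only come into play if you drop no-query.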
and we should be on our way!
a peek at the squid parent's log will show something like this:
1091507233.005 2091 x.x.x.x TCP_MISS/200 21997 GET http://www.zope.org/ - DIRECT/63.240.213.171 text/html
1091507234.152 869 x.x.x.x TCP_CLIENT_REFRESH_MISS/200 1886 GET http://zope.org/plonePrint.css - DIRECT/63.240.213.171 text/css
1091507234.454 1188 x.x.x.x TCP_MISS/200 6686 GET http://zope.org/ploneCustom.css - DIRECT/63.240.213.171 text/css
1091507234.519 1247 x.x.x.x TCP_CLIENT_REFRESH_MISS/200 5455 GET http://zope.org/ploneNS4.css - DIRECT/63.240.213.171 text/css
1091507234.934 1673 x.x.x.x TCP_MISS/200 16239 GET http://zope.org/plone.css? - DIRECT/63.240.213.171 text/css
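to check the parent's log without eyeballing it, here is a small parser for squid's native access.log format. it is an added example, not part of the original post; the client address 192.0.2.10 stands in for the masked x.x.x.x and is assumed to be the gibraltar box, and the last sample line is a constructed truncated entry.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)"
)

# constructed sample: the page's log lines with the masked client x.x.x.x
# replaced by 192.0.2.10 (assumed child box), plus one truncated line
SAMPLE = """\
1091507233.005 2091 192.0.2.10 TCP_MISS/200 21997 GET http://www.zope.org/ - DIRECT/63.240.213.171 text/html
1091507234.152 869 192.0.2.10 TCP_CLIENT_REFRESH_MISS/200 1886 GET http://zope.org/plonePrint.css - DIRECT/63.240.213.171 text/css
1091507234.454 1188 192.0.2.10 TCP_MISS/200 6686 GET http://zope.org/ploneCustom.css - DIRECT/63.240.213.171 text/css
1091507234.519 1247 192.0.2.10 TCP_CLIENT_REFRESH_MISS/200 5455 GET http://zope.org/ploneNS4.css - DIRECT/63.240.213.171 text/css
1091507234.934 1673 192.0.2.10 TCP_MISS/200 16239 GET http://zope.org/plone.css? - DIRECT/63.240.213.171 text/css
1091507235.101 12 192.0.2.10 TCP_MISS/200
"""

def parse_line(line):
    """Return one log record as a dict, or None if the line is malformed."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
    rec["elapsed"], rec["size"] = int(rec["elapsed"]), int(rec["size"])
    return rec

def summarize(text, child_ip):
    """Count what the parent saw, split by client, result code and hierarchy."""
    out = {"from_child": 0, "bytes": 0, "unparsed": 0,
           "other_clients": Counter(), "codes": Counter(), "hier": Counter()}
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        if rec["client"] == child_ip:
            out["from_child"] += 1
        else:
            out["other_clients"][rec["client"]] += 1
        out["bytes"] += rec["size"]
        out["codes"][rec["code"]] += 1
        out["hier"][rec["hier"]] += 1
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.0.2.10"))
```

if from_child stays at zero while clients are browsing, the redirect or the cache_peer line is not taking effect; entries under other_clients are machines reaching the parent without going through the child.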