Finally, after long attempts, Squid started working for me.

Now I need to block the IP addresses of all sites except the whitelisted ones. I'm doing this and everything works: only the sites in the whitelist load.

.................................................. .................................

acl all_sites dst 0.0.0.0/0
acl sell_ips src "/etc/squid/sellroom/ip"
acl sell_urls url_regex "/etc/squid/sellroom/whitelist"
http_access allow sell_ips sell_urls
http_access deny sell_ips all_sites

.................................................. .................................

Tracing from the PC behind the proxy server

 C:\Documents and Settings\Администратор>tracert yandex.ru
 Трассировка маршрута к yandex.ru [213.180.193.11]
 с максимальным числом прыжков 30:
   1  <1 мс  <1 мс  <1 мс  192.168.1.1
   2   2 ms   1 ms   1 ms  drs8.oktgs.ufanet.ru [94.41.61.41]
   3   2 ms   2 ms   2 ms  94.41.61.46.dynamic.ufanet.ru [94.41.61.46]
   4   5 ms   5 ms   5 ms  92.50.191.118.static.ufanet.ru [92.50.191.118]
   5  31 ms  31 ms  30 ms  193.106.112.112
   6   *      *      *     Превышен интервал ожидания для запроса.
   7  45 ms  45 ms  45 ms

A computer with an address of 192.168.0.2 is pinged from a proxy server, but there is no proxy from a PC.

  • And what for RDP through squid ??????? - pyatak
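
How Squid evaluates the two http_access lines in the question, as an added example (not code from the post). The file contents, the client addresses and the assumption that these two lines are the whole http_access list are constructed for illustration; only HTTP requests ever reach this logic.

```python
import ipaddress
import re

# Constructed stand-ins for the two files the config reads (assumptions).
SELL_IPS = ["192.168.0.2", "192.168.0.3"]           # /etc/squid/sellroom/ip
WHITELIST = [r"^http://([^/]+\.)?yandex\.ru(/|$)"]  # /etc/squid/sellroom/whitelist

ACLS = {
    # dst 0.0.0.0/0 matches every destination address
    "all_sites": lambda req: True,
    "sell_ips": lambda req: any(
        ipaddress.ip_address(req["src"]) in ipaddress.ip_network(n)
        for n in SELL_IPS),
    "sell_urls": lambda req: any(re.search(p, req["url"]) for p in WHITELIST),
}

# The two http_access lines from the question, in order.
RULES = [
    ("allow", ["sell_ips", "sell_urls"]),
    ("deny", ["sell_ips", "all_sites"]),
]


def http_access(req, rules=RULES):
    """Return (verdict, index of the matching line, or None if none matched)."""
    for i, (action, names) in enumerate(rules):
        # ACLs on one line are ANDed; the first line that matches decides.
        if all(ACLS[n](req) for n in names):
            return action, i
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


def hardened(rules=RULES):
    """Same list plus a final catch-all deny (the role of 'http_access deny all')."""
    return rules + [("deny", ["all_sites"])]


if __name__ == "__main__":
    samples = [  # constructed requests
        {"src": "192.168.0.2", "url": "http://yandex.ru/"},
        {"src": "192.168.0.2", "url": "http://example.com/"},
        {"src": "192.168.0.50", "url": "http://example.com/"},
    ]
    for req in samples:
        print(req["src"], req["url"], http_access(req), http_access(req, hardened()))
```

The third sample shows the fall-through: a client that is not in sell_ips matches neither line, so the verdict is the opposite of the last `deny`, unless a final catch-all deny closes the list.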

2 answers

Squid is an HTTP proxy; it can only forward HTTP traffic. Perhaps it can still work as SOCKS, in which case it can in principle forward other types of traffic, but programs running through it must support the SOCKS protocol.

But ping and tracert are not proxied at all, because they use the ICMP protocol. If you want everything to go transparent, you need not a proxy, but a masquerade, i.e. NAT traffic.

For Linux, for example, iptables does this. iptables -I POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE will provide a transparent output for all computers from the 192.168.0.0-192.168.0.255 subnet.

    To do this, you need to enable RPC over HTTPS on the remote Windows server.

    But I agree with Pyatak - this is a subtle perversion!

    • Here is another help: allcomputers.us/windows_server/… - areshin
    • I do not need RDP to work through SQUID, RDP does not work on computers on which I blocked all sites .... - evgeniy
    • Sites, and RDP are different things, if it's simpler, then you need to configure users' browsers to squid and everything else should go without any proxies. And in fact, hang squid on a port other than 80, for example 8080, and on the gateway make dnat from port 80 to 8080. And all the browsers you have on squid and wrapped, and transparent !!! - pyatak
    • So it all works squid on port 80, but for those who have blocked sites nothing works except for the white list sites. - evgeniy
    • What does tracert yandex.ru say from the client computer? - ArcherGodson