Here is the network structure for the school server with proxy setup.
# vi /etc/sysctl.conf
and make sure it contains this line (it turns on IP forwarding):
net.ipv4.ip_forward = 1
service network restart
Then set up IP forwarding through iptables (masquerading out of eth0, accepting forwarded traffic that comes in on eth2):
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth2 -j ACCEPT
squid
Install and configure squid
--------------------squid.conf-------------------------------------
# Listen on port 3128 in transparent (interception) mode, so clients need no
# proxy settings of their own.
# NOTE(review): newer Squid releases spell this option `intercept` - confirm
# against the installed version.
http_port 3128 transparent
# URLs containing these strings are fetched directly rather than via peer caches.
hierarchy_stoplist cgi-bin ?
# Do not cache dynamic content (cgi-bin paths or URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# Matches replies whose Server header starts with "Apache"; no rule in this
# listing references it.
acl apache rep_header Server ^Apache
# Request log in squid's native format.
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
# refresh_pattern fields: regex, minimum age (minutes), percent, maximum age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
# "all" matches every source address.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): to_localhost is defined but no rule in this listing uses it.
# Adding `http_access deny to_localhost` ahead of the allow rules would stop
# clients reaching services bound to the proxy host's loopback address.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
# Only ports 80 and 21 are listed as safe, so the `deny !Safe_ports` rule below
# rejects requests to every other port, 443 included.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
# Add more acl rules here if we want more
acl purge method PURGE
acl CONNECT method CONNECT
# http_access rules are checked top to bottom; the first match decides.
# Cache manager and PURGE are allowed from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to ports
# outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# Clients allowed to use the proxy: one single host and the 192.168.1.0/24 subnet.
acl lan src 192.168.0.113 192.168.1.0/24
# Same rule as the one above the lan acl; the repeat has no additional effect.
http_access allow localhost
http_access allow lan
# Everything not allowed above is refused; keep this as the last http_access line.
http_access deny all
http_reply_access allow all
# NOTE(review): this answers ICP (inter-cache) queries from any source. If no
# sibling caches query this proxy, consider `icp_access allow lan` followed by
# `icp_access deny all`.
icp_access allow all
# Hostname the proxy reports in error pages and headers.
visible_hostname sugaroffice.ole
# Always fetch from the origin server directly, never through a parent cache.
always_direct allow all
coredump_dir /var/spool/squid
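Redirect port 80 requests to the squid listening port (on the machine running the cache server). The interface given with -i should be the one client traffic arrives on; note that the second rule matches eth0, which the MASQUERADE rule above uses as the outbound interface, so confirm that this is intended.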
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.0.113:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128