At home I run my own DHCP, DNS and Squid proxy. I implemented the proxy because my DSL connection is pretty bad and anything I can do to improve that goes a long way. Now my proxy works fine, but the issue that I’m running into is having it auto-configure the browser(s) on each machine in the house. It doesn’t do me any good to be running a proxy if it doesn’t actually get used.
Can anyone outline for me, or point me to a reliable resource on, how to automagically configure proxy settings via DHCP? I have spent some time googling this but nothing has worked so far. Either the pages I found were outdated or missing information. Basically I would like any browsing within the LAN to go through the proxy. This will include Firefox, Safari and Epiphany browsers.
Thanks in advance.
I don’t know about auto-config, but if you are looking to “prevent” http/https traffic bypassing the server, try putting the server between the lan and your dsl connection. Then you can set iptables rules, etc for the entire network and use the linux machine as a firewall, etc.
Oh, yeah, don’t forget udp to proxy your streaming, etc.
Hi, I know it’s not exactly the answer to your question, but how about setting a redirect on the firewall?
There are a bunch of howtos on the internet on how to do it, but basically it goes like this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128  # default for squid?
Try looking for: iptables transparent proxy.
It is a different approach, but is quick.
I think you want to take a good look at PAC[1] and WPAD[2].
[1] http://en.wikipedia.org/wiki/Proxy_auto-config
[2] http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
I think what you are looking for is known as a “transparent proxy”, and there are lots of hits for that.
Some good reads, though not exactly stunningly recent:
http://oreilly.com/catalog/webcaching/chapter/ch05.html
http://tldp.org/HOWTO/TransparentProxy.html
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
I use dnsmasq for my dns and dhcp server and have this config option set :-
dhcp-option=252,http://proxy.collective-b.dyndns.org/proxy.pac
then on the webserver I have the proxy.pac file containing details gleaned from http://en.wikipedia.org/wiki/Proxy.pac
now each computer getting an automatic dhcp address also picks up a proxy.pac file and sets up the browser.
good luck
mark waters
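Added example (not part of the comment above or of the original thread): a small proxy.pac of the kind the dhcp-option=252 line points browsers at. The proxy host name proxy.home.lan and the .lan/.local suffixes are assumptions; 3128 is the Squid default port mentioned earlier in the thread.

```javascript
// proxy.pac -- added example. Browsers call FindProxyForURL(url, host) for
// every request and use the returned string to pick a proxy.
// Assumption: Squid runs on proxy.home.lan, default port 3128.
var PROXY = "PROXY proxy.home.lan:3128";

// True for IPv4 literals in loopback or RFC 1918 private ranges.
// Works on the literal only, so no blocking DNS lookup is needed.
function isPrivateLiteral(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false; // not a valid dotted quad
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names ("printer", "localhost") never leave the LAN.
  if (host.indexOf(".") === -1) return "DIRECT";
  // LAN devices addressed by IP, and names under the assumed local suffixes.
  if (isPrivateLiteral(host)) return "DIRECT";
  if (/\.(lan|local)$/.test(host)) return "DIRECT";
  // Send web traffic to Squid; anything else goes out directly.
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https" || scheme === "ftp") {
    // The trailing DIRECT lets browsing continue if Squid is down;
    // drop it if traffic must never bypass the proxy.
    return PROXY + "; DIRECT";
  }
  return "DIRECT";
}
```

Serve the file with the MIME type application/x-ns-proxy-autoconfig from a host on the LAN that you control, since every client that picks it up will route its traffic wherever the file says.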
You need a PAC file, as Mark points out.
Now, if you have a bad DSL connection, I have some additional things you can try…
– Tridge’s old rproxy http://rproxy.samba.org/
– The new implementation: apache-crcsync (using apache as proxy, with an rsync-like delta protocol). This is in heavy development, but it works http://wiki.laptop.org/go/Apache_Proxy_CRCsync
Here is how MS answered the problem. Supported by Firefox as well:
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
Although this wouldn’t be the ideal setup in a business, my suggestion may work for a more static environment such as your home. Using DHCP, make your proxy box the default gateway for your LAN. I did this yesterday in a pinch on a ESX test server with IPCop and it worked fine. A better solution may just be to have your proxy replace your gateway device if it hasn’t already.
So if that works for you, then no need to worry about .pac and wpad’s.
–Himuraken
You could also set the proxy up to be a transparent proxy. Squid supports this just fine, you just need to add a few firewall rules to send port 80 traffic through the proxy. This way the whole thing will work without any need for configuration on the client end.
Just thought I’d point out libproxy. We don’t currently support DHCP, but it’s on our roadmap. We’d love some help implementing it! http://code.google.com/p/libproxy/
I once set up my own dhcp server/http proxy this way:
1. dnsmasq to assign ip addresses and used as a nameserver
2. squid proxy
3. iptables to redirect http requests (port 80) to the squid proxy port (3128 by default)
therefore, no need to autodiscover a proxy.pac file.
As others have suggested transparent proxying will help. I use ipcop which has a nice easy tickbox to set transparent proxying on. Job done. 🙂
As others have said… the best solution is to configure a transparent proxy!! Go for it! It’s really painful to use a non-transparent proxy if you have many machines 🙂
Hope this Link will be helpful…
http://theswarmintelligence.blogspot.com/2009/11/…