Re-organize Squid document

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-08 08:08:16 -07:00 · 2012-09-08 08:08:16 -07:00 · 0dd7ad7920
commit 0dd7ad7920
parent c13bdbd316
1 changed files with 85 additions and 83 deletions
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@ -139,7 +139,6 @@ httpd_accel_uses_host_header on</programlisting>
      http://www.domain.tld:<emphasis role="bold">8080</emphasis>) then you
      must open those ports as well.</para>
    </caution>
-  </section>

    <section id="Configurations">
      <title>Configurations</title>
@ -159,8 +158,8 @@ httpd_accel_uses_host_header on</programlisting>

        <para>You want to redirect all local www connection requests EXCEPT
        those to your own http server (206.124.146.177) to a Squid transparent
-      proxy running on the firewall and listening on port 3128. Squid will of
-      course require access to remote web servers.</para>
+        proxy running on the firewall and listening on port 3128. Squid will
+        of course require access to remote web servers.</para>

        <para>In <filename>/etc/shorewall/rules</filename>:</para>

@ -170,9 +169,10 @@ ACCEPT    $FW        net      tcp      www
 REDIRECT  loc        3128     tcp      www              -          !206.124.146.177
 </programlisting>

-      <para>There may be a requirement to exclude additional destination hosts
-      or networks from being redirected. For example, you might also want
-      requests destined for 130.252.100.0/24 to not be routed to Squid.</para>
+        <para>There may be a requirement to exclude additional destination
+        hosts or networks from being redirected. For example, you might also
+        want requests destined for 130.252.100.0/24 to not be routed to
+        Squid.</para>

        <para>If needed, you may just add the additional hosts/networks to the
        ORIGINAL DEST column in your REDIRECT rule.</para>
@ -181,12 +181,12 @@ REDIRECT  loc        3128     tcp      www              -          !206.124.146.
 #                                                       PORT(S)    DEST
 REDIRECT  loc        3128     tcp      www              -          !206.124.146.177,130.252.100.0/24</programlisting></para>

-      <para>People frequently ask <emphasis>How can I exclude certain internal
-      systems from using the proxy? I want to allow those systems to go
-      directly to the net</emphasis>.</para>
+        <para>People frequently ask <emphasis>How can I exclude certain
+        internal systems from using the proxy? I want to allow those systems
+        to go directly to the net</emphasis>.</para>

-      <para>Suppose that you want to exclude 192.168.1.5 and 192.168.1.33 from
-      the proxy. Your rules would then be:</para>
+        <para>Suppose that you want to exclude 192.168.1.5 and 192.168.1.33
+        from the proxy. Your rules would then be:</para>

        <programlisting>#ACTION   SOURCE     DEST     PROTO    DEST PORT(S)     SOURCE     ORIGINAL
 #                                                       PORT(S)    DEST
@ -225,11 +225,11 @@ REDIRECT  $FW        3128     tcp      www              -          -
      <section id="Local">
        <title>Squid (transparent) Running in the local network</title>

-      <para>You want to redirect all local www connection requests to a Squid
-      transparent proxy running in your local zone at 192.168.1.3 and
-      listening on port 3128. Your local interface is eth1. There may also be
-      a web server running on 192.168.1.3. It is assumed that web access is
-      already enabled from the local zone to the Internet.</para>
+        <para>You want to redirect all local www connection requests to a
+        Squid transparent proxy running in your local zone at 192.168.1.3 and
+        listening on port 3128. Your local interface is eth1. There may also
+        be a web server running on 192.168.1.3. It is assumed that web access
+        is already enabled from the local zone to the Internet.</para>

        <orderedlist>
          <listitem>
@ -274,8 +274,9 @@ loc     eth1         detect       <emphasis role="bold">routeback</emphasis>
      <section id="DMZ">
        <title>Squid (transparent) Running in the DMZ</title>

-      <para>You have a single system in your DMZ with IP address 192.0.2.177.
-      You want to run both a web server and Squid on that system.</para>
+        <para>You have a single system in your DMZ with IP address
+        192.0.2.177. You want to run both a web server and Squid on that
+        system.</para>

        <para>In <filename>/etc/shorewall/rules</filename>:</para>

@ -284,6 +285,7 @@ loc     eth1         detect       <emphasis role="bold">routeback</emphasis>
 DNAT     loc      dmz:192.0.2.177:3128 tcp      80              -          !192.0.2.177</programlisting>
      </section>
    </section>
+  </section>

  <section id="Manual">
    <title>Squid as a Manual Proxy</title>
@ -310,7 +312,7 @@ ACCEPT    $FW      net    tcp      80,443</programlisting></para>
  </section>

  <section id="TPROXY">
-    <title>Transparent with TPROXY</title>
+    <title>Squid3 as a Transparent Proxy with TPROXY</title>

    <para>Shorewall 4.5.4 contains support for TPROXY. TPROXY differs from
    REDIRECT in that it does not modify the IP header and requires Squid 3 or