availability: January 2017
This article describes how you can set up a transparent proxy with Squid for your VMware virtual machines using advanced NAT techniques.
There are two options to have virtual machines use Squid for proxying and caching downloads:
Edit the config (/etc/squid/squid.conf) to make it act as a caching proxy:
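    # caching large files for ISOs and other stuff
    maximum_object_size 40960000 KB
    # enable access from hosts in vmnet1 (the http_access rule must use the same ACL name)
    acl our_vmnet1_network src 192.168.1.0/24
    http_access allow our_vmnet1_network
    # virtual port for squid
    httpd_accel_port 80
    # enable proxy accelerator
    httpd_accel_with_proxy on
    # enable correct headers for transparent proxy
    httpd_accel_uses_host_header on
    # note: httpd_accel_* is Squid 2.5 syntax; Squid 2.6 and later use
    # "http_port 3128 transparent" ("intercept" from 3.1 on) instead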
Then start Squid.
Logs go into /var/squid/access.log
So what are our options for the virtual machines' networking?
Now vmnet1 shows up if we do an ifconfig vmnet1 and give it the IP
Step 1: setting the correct gateway and DNS settings for vmnet1
As vmnet1 normally does not have a gateway, /etc/vmware/vmnet1/dhcpd/dhcpd.conf does not contain the following settings:
    option domain-name-servers IP-from-your-DNS;
    option domain-name "your-domain.com";
    option routers 192.168.1.10;
192.168.1.10 is the IP address you assigned manually using ifconfig. It has nothing to do with the vmnet1 IP address that you assigned to your vmnet1 interface during vmware-config.pl. See the vmnet1.hostonlyaddress= "192.168.1.1" setting in /etc/vmware/config.
Step 2: enable forwarding
Now that we have two interfaces we can play with, we can enable forwarding.
Step 3: redirect traffic on destination port 80 to 3128 (Squid)
Step 4: masquerade traffic coming from virtual
Step 5: if you're using a firewall, check that you enabled port 3128
Errors will go into /var/log/firewall
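Steps 2 to 5 as one host-side script, added here as an example and not taken from the original article. The interface vmnet1, the subnet 192.168.1.0/24 and port 3128 come from the text; the uplink interface name eth0, the function names and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): host rules for Steps 2-5.
# Prints the commands by default; APPLY=1 (as root) executes them.
VM_IF="${VM_IF:-vmnet1}"             # host-only interface, from the article
VM_NET="${VM_NET:-192.168.1.0/24}"   # subnet allowed by the Squid ACL
SQUID_PORT="${SQUID_PORT:-3128}"     # Squid port, from the article
WAN_IF="${WAN_IF:-eth0}"             # ASSUMPTION: the host's uplink interface

# These values end up on a root command line, so accept only plain
# interface names, a numeric port and an IPv4 CIDR.
valid_params() {
    for name in "$VM_IF" "$WAN_IF"; do
        case "$name" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    case "$SQUID_PORT" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$VM_NET" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

vm_proxy_rules() {
    valid_params || return 1
    cat <<EOF
# Step 2: let the host route packets between $VM_IF and $WAN_IF
sysctl -w net.ipv4.ip_forward=1
# Step 3: only HTTP arriving on $VM_IF from the VM subnet goes to Squid
iptables -t nat -A PREROUTING -i $VM_IF -s $VM_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# Step 4: all other VM traffic leaves through $WAN_IF with the host's address
iptables -t nat -A POSTROUTING -s $VM_NET -o $WAN_IF -j MASQUERADE
# Step 5: redirected packets reach INPUT on port $SQUID_PORT; accept them from
# the VMs only, so Squid is not reachable as a proxy from other networks
iptables -A INPUT -i $VM_IF -s $VM_NET -p tcp --dport $SQUID_PORT -j ACCEPT
iptables -A INPUT ! -i lo -p tcp --dport $SQUID_PORT -j DROP
EOF
}

run_vm_proxy_rules() {
    rules=$(vm_proxy_rules) || { echo "invalid parameters" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

run_vm_proxy_rules
```

The rules are appended with -A, so on a host whose INPUT chain already ends in a blanket DROP or REJECT the ACCEPT for port 3128 has to be inserted ahead of that rule instead.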
Now check that when your hosts go to the internet, their accesses are logged in /var/squid/access.log
P.S. While the whole exercise was done to cache f.i. yum and other packages during installation, I found that most of the repositories don't play nicely with the http-headers, thereby causing MISSES in the cache.