availability: January 2017
This article describes how you can set up a transparent proxy with Squid for your VMware virtual machines using advanced NAT techniques.
There are two options to have virtual machines use Squid for proxying and caching downloads:
Edit the config (/etc/squid/squid.conf) to make it act as a caching proxy:
#caching large files for ISO and other stuff
maximum_object_size 40960000 KB
#enable access from hosts in vmnet1
acl our_vmnet1_network src 192.168.1.0/24
http_access allow our_vmnet1_network
#virtual port for squid
httpd_accel_port 80
#enable proxy accelerator
httpd_accel_with_proxy on
#enable correct headers for transparent proxy
httpd_accel_uses_host_header on
Then start Squid:
#/etc/init.d/squid start
Logs go into /var/squid/access.log.
So what are our options for the virtual machines networking?
Now vmnet1 shows up if we run ifconfig vmnet1 and give it the IP
Step 1: setting the correct gateway and DNS settings for vmnet1
As vmnet1 normally does not have a gateway, /etc/vmware/vmnet1/dhcpd/dhcpd.conf does not contain the following settings:
option domain-name-servers IP-from-your-DNS;
option domain-name "your-domain.com";
option routers 192.168.1.10;
192.168.1.10 is the IP address you assigned manually with ifconfig. It has nothing to do with the IP address that you assigned to your vmnet1 interface during vmware-config.pl. See the vmnet1.hostonlyaddress= "192.168.1.1" setting in /etc/vmware/config.
Step 2: enable forwarding
Now that we have two interfaces to work with, we can enable forwarding.
Step 3: redirect traffic on destination port 80 to 3128 (Squid)
Step 4: masquerade traffic coming from virtual
Step 5: if you're using a firewall, check that you have enabled port 3128
Errors will go into /var/log/firewall.
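One way to implement steps 2 to 5 on the host, as an added example rather than the author's own commands. The interface vmnet1, the subnet 192.168.1.0/24 and port 3128 come from the article; the uplink interface name eth0 and the helper names are assumptions. The rules scope the redirect and the proxy port to the VM network so the host does not end up as an open proxy on its uplink.

```sh
#!/bin/sh
# Added example for steps 2-5. From the article: vmnet1, 192.168.1.0/24,
# Squid on port 3128. Assumption: the uplink interface is called eth0.
VM_IF="${VM_IF:-vmnet1}"
VM_NET="${VM_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Accept only characters that can appear in an interface, CIDR or port,
# so a bad value cannot add extra arguments to the generated commands.
valid() {
    case "$1" in
        ''|*[!A-Za-z0-9./_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands, one per line, without running anything.
gen_rules() {
    for v in "$VM_IF" "$VM_NET" "$WAN_IF" "$SQUID_PORT"; do
        valid "$v" || { echo "invalid value: $v" >&2; return 1; }
    done
    # Step 2: let the kernel route between vmnet1 and the uplink.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Step 3: redirect only HTTP that enters on vmnet1 from the VM subnet.
    echo "iptables -t nat -A PREROUTING -i $VM_IF -s $VM_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # Step 4: masquerade VM traffic only where it leaves through the uplink.
    echo "iptables -t nat -A POSTROUTING -s $VM_NET -o $WAN_IF -j MASQUERADE"
    # Step 5: open the proxy port to the VM side and refuse it on the
    # uplink, so the host does not become an open proxy.
    echo "iptables -A INPUT -i $VM_IF -s $VM_NET -p tcp --dport $SQUID_PORT -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $SQUID_PORT -j DROP"
}

# Run the generated commands (needs root); stop if validation fails.
apply_rules() {
    rules="$(gen_rules)" || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

# Default is a dry run that only prints; pass "apply" to change the host.
case "${1:-show}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

Run it without arguments first and compare the printed rules with your existing firewall, since appended rules only take effect if no earlier rule already matches the traffic.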
Now check that when your hosts go to the internet, their accesses are logged in /var/squid/access.log.
P.S. While the whole exercise was done to cache, for instance, yum and other packages during installation, I found that most of the repositories don't play nicely with the HTTP headers, thereby causing MISSES in the cache.