That rule is in the NAT table, you can see it with.
iptables -t nat -nvL
or to see both filter and nat tables together.
iptables -nvL ; iptables -t nat -nvL
The output of the command "iptables -t nat -nvL" is attached with this
email in the squid.txt file.There are about 20 entries when I do
iptables -t nat -nvL is it normal to have these much entries. I have
only applied this rule to the iptables
iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport
80 -j REDIRECT --to-port 3128
I also think you need a subnet declaration for your squid ACLs, because
you are using "src" - see your conf file for more description on proper
declarations.
vi /etc/squid/squid.conf
acl INTERNAL-NETWORK src 192.168.2.0/24
http_access allow INTERNAL-NETWORK
I have corrected this mistake of my mine. I have added subnet
mask with the src acl. (192.168.2.0/24)
Remember, your transparent proxy is a redirection of HTTP requests (port
80) to your proxy cache (port 3128). Squid then handles the request
transparently, the client doesn't realise the change in network packet
flow. To test this properly, you can either disable packet forwarding on
the FC3 box, or set your iptables forward policy to drop everything.
iptables -P FORWARD DROP
ip forward is already disable on the system
sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
But still I am not able to browse from the 192.168.2.0 domain. I have
a machine whose ip address is 192.168.2.88 and the gateway of this
machine is 192.168.2.126( eth1 on FC3).
I can ping 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to
192.168.2.88 but from 192.168.2.88 I am not able to browse the
internet.
Any pointers what can be the problem ?
Thanks & Regards
Ankush Grover
iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- ethi * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2964 packets, 96105 bytes)
pkts bytes target prot opt in out source destination --
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
