That rule is in the NAT table, you can see it with. iptables -t nat -nvL or to see both filter and nat tables together. iptables -nvL ; iptables -t nat -nvL
The output of the command "iptables -t nat -nvL" is attached with this email in the squid.txt file.There are about 20 entries when I do iptables -t nat -nvL is it normal to have these much entries. I have only applied this rule to the iptables iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
I also think you need a subnet declaration for your squid ACLs, because you are using "src" - see your conf file for more description on proper declarations. vi /etc/squid/squid.conf acl INTERNAL-NETWORK src 192.168.2.0/24 http_access allow INTERNAL-NETWORK
I have corrected this mistake of my mine. I have added subnet mask with the src acl. (192.168.2.0/24)
Remember, your transparent proxy is a redirection of HTTP requests (port 80) to your proxy cache (port 3128). Squid then handles the request transparently, the client doesn't realise the change in network packet flow. To test this properly, you can either disable packet forwarding on the FC3 box, or set your iptables forward policy to drop everything. iptables -P FORWARD DROP
ip forward is already disable on the system sysctl -p net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 But still I am not able to browse from the 192.168.2.0 domain. I have a machine whose ip address is 192.168.2.88 and the gateway of this machine is 192.168.2.126( eth1 on FC3). I can ping 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to 192.168.2.88 but from 192.168.2.88 I am not able to browse the internet. Any pointers what can be the problem ? Thanks & Regards Ankush Grover
iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- ethi * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth0 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128 Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 2964 packets, 96105 bytes) pkts bytes target prot opt in out source destination
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list