On December 16, 2003 03:08 pm, Jason Cook wrote:
> Ok. I would like to run just the proxy and caching end of squid...so I
> removed the acceleration options.
>
> I then added the lines to log. But I added --log-prefix "Iptables Error:"
> to the lines that were suggested, but I can't find any reference to them
> in the log file. Does anyone have any ideas?
>
> > > I am trying to install Linux as a firewall and caching server with
> > > iptables and Linux. I need to do this transparently.
> > >
> > > I installed Red Hat Linux 9. Ran all of the updates nice and smooth.
> > > Turned on ip forwarding. Configured Squid...and tested it by
> > > specifying the server's IP address and port 3128 from the browser.
> > > Works great. Here are the options I had changed in the config file.
> > >
> > > http_port 3128
> > > http_access deny to_localhost
> > > acl our_networks src 10.0.0.0/8
> > > http_access allow our_networks
> > > httpd_accel_host virtual
> > > httpd_accel_port 80
> > > httpd_accel_with_proxy on
> > > httpd_accel_uses_host_header on
> >
> > I'm puzzled by this combination - are you trying to set up Squid as a
> > caching proxy, or as an accelerator (or both)?
> >
> > You do not need the acceleration options turned on to operate Squid as
> > a transparent proxy (and it is not generally recommended that you
> > operate a single instance of Squid in both modes simultaneously - you
> > can do it, but it's recommended to use two instances of Squid instead).
> >
> > > For iptables I used
> > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > >
> > > I then try to browse the internet from a client through the firewall
> > > and nothing.
> > >
> > > When I run iptables -t nat -nv -L
> > >
> > > Chain PREROUTING (policy ACCEPT 31254 packets, 3971K bytes)
> > >  pkts bytes target     prot opt in     out     source               destination
> > >     0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
> > >
> > > PREROUTING is accepting packets...but none are processed by the
> > > redirect rule.
> >
> > I assume that eth1 is your internal LAN interface, so that's where the
> > packets will be coming from. Can you try adding some LOG rules so we can
> > see where the packets are really going?
> >
> > iptables -I PREROUTING -t nat -p tcp --dport 80 -j LOG
> > iptables -I INPUT -p tcp --dport 80 -j LOG
> > iptables -I FORWARD -p tcp --dport 80 -j LOG
> >
> > Antony.
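The two things the thread is trying to read by hand are the packet counters in `iptables -t nat -nvL` (a rule at 0 packets under a chain whose policy counter is climbing means packets traversed the chain but none matched the rule's interface/port criteria) and the kernel LOG lines in the syslog. Below is an added helper, not code from the thread or from either poster, that parses both. It assumes a distinct `--log-prefix` per chain (the constructed prefixes "nat-pre: " and "fwd: ") because LOG output does not name the chain it came from, so PREROUTING and INPUT hits look identical unless the prefix differs; the log and listing samples are constructed, and one sample line uses the thread's own prefix "Iptables Error:" without a trailing space to show that the prefix is emitted verbatim and runs straight into "IN=".

```python
"""Summarise iptables LOG lines and zero-hit NAT rules (added example)."""
import re
from collections import Counter

# Constructed sample of /var/log/messages. The kernel prints the --log-prefix
# verbatim, so "Iptables Error:" with no trailing space runs into "IN=".
SAMPLE_SYSLOG = """\
Dec 16 15:08:01 fw kernel: nat-pre: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 16 15:08:01 fw kernel: fwd: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 16 15:08:02 fw kernel: nat-pre: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=192.0.2.11 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 16 15:08:02 fw kernel: nat-pre: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=192.0.2.11 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Dec 16 15:08:03 fw kernel: Iptables Error:IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.0.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 16 15:08:04 fw sshd[123]: Accepted publickey for admin from 10.0.0.9
"""

# Constructed sample of `iptables -t nat -nvL`, modelled on the thread's listing.
SAMPLE_LISTING = """\
Chain PREROUTING (policy ACCEPT 31254 packets, 3971K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
  118  8900 MASQUERADE  all  --  *      eth0    10.0.0.0/8           0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5 packets, 400 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

# Prefix is everything between "kernel: " and "IN="; OUT= is empty before routing.
LOG_RE = re.compile(
    r"kernel: (?P<prefix>.*?)IN=(?P<in>\S*) OUT=(?P<out>\S*) "
    r".*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)"
)
# Policy line of a built-in chain; user chains say "(N references)" and won't match.
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy \S+ (\d+) packets")
# Rule row: pkts bytes target prot opt in out ... (counters may carry K/M/G).
RULE_RE = re.compile(
    r"^\s*(\d+)([KMG]?)\s+(\d+)([KMG]?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
)


def summarize_log(text, dport="80"):
    """Count TCP packets to `dport` per (log prefix, IN interface, OUT interface)."""
    counts = Counter()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an iptables LOG line, or no DPT (e.g. ICMP)
        if m.group("proto") != "TCP" or m.group("dpt") != dport:
            continue
        key = (m.group("prefix").strip(), m.group("in"), m.group("out") or "-")
        counts[key] += 1
    return dict(counts)


def policy_counts(listing):
    """Map each built-in chain to the packet count on its policy line."""
    return {m.group(1): int(m.group(2))
            for m in map(CHAIN_RE.match, listing.splitlines()) if m}


def idle_rules(listing):
    """Return rules with a zero packet counter as (chain, target, in, out)."""
    chain, idle = None, []
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = RULE_RE.match(line)
        if not m or chain is None:
            continue
        if int(m.group(1)) == 0 and m.group(2) == "":
            idle.append((chain, m.group(5), m.group(8), m.group(9)))
    return idle


if __name__ == "__main__":
    for key, n in sorted(summarize_log(SAMPLE_SYSLOG).items()):
        print("%-16s IN=%-5s OUT=%-5s %d pkts" % (key[0], key[1], key[2], n))
    totals = policy_counts(SAMPLE_LISTING)
    for chain, target, ifin, ifout in idle_rules(SAMPLE_LISTING):
        print("%s: %s (in %s, out %s) matched 0 packets; chain policy saw %s"
              % (chain, target, ifin, ifout, totals.get(chain, "?")))
```

Run against the real files (`summarize_log(open("/var/log/messages").read())` and the output of `iptables -t nat -nvL`) to see which prefixes, and therefore which chains, the port-80 packets actually reach, and which rules they pass without matching.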