--- Mike Mestnik <cheako911@xxxxxxxxx> wrote:

> Date: Fri, 1 Oct 2004 14:33:49 -0700 (PDT)
> From: Mike Mestnik <cheako911@xxxxxxxxx>
> Subject: netfilter: Transparent squid running on another host.
> To: "lists.debian.org debian-firewal" <debian-firewall@xxxxxxxxxxxxxxxx>
>
> My *default GW* is 10.0.0.1(train) and I have squid running on
> 10.0.0.110:3128(paladin).
> I have set up squid to run as a TP, setting something about keeping http
> headers and what not. The proxy(when clients are configured) does work,
> but tcp shows that transparent clients are not using the proxy.
>
> These are the rules I have been trying to use, without success...
>
> # Non-local transparent FTP and HTTP(S) proxy.
> iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp \
>     --src ! 10.0.0.110 --dport 80 \
>     -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp \
>     --src ! 10.0.0.110 --dport 443 \
>     -j MARK --set-mark 1
> # Exclude a host.
> # iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp \
> #     --src 10.0.0.20 --dport 80 \
> #     -j MARK --set-mark 0
> # iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp \
> #     --src 10.0.0.20 --dport 443 \
> #     -j MARK --set-mark 0
> ip rule add fwmark 1 table web.out
> ip route add default via 10.0.0.110 dev $IFACE table web.out
>
> For now it's OK that 10.0.0.20 doesn't(may not) get excluded from the
> transparent proxy. I have another solution for this, if the above
> commented rules don't do the trick.
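The following is an added example, not part of the original post: a small Python model of how the quoted mangle rules and the `fwmark 1` policy rule pick a next hop, including the commented-out exclusion for 10.0.0.20. The client address 10.0.0.50, the `"upstream"` placeholder, and the assumption that every packet arrives on an interface matching `$IFACE+` are constructed for illustration.

```python
from dataclasses import dataclass

PROXY = "10.0.0.110"     # paladin, from the post
EXCLUDED = "10.0.0.20"   # host named in the commented-out rules

@dataclass
class Packet:
    src: str
    dport: int
    mark: int = 0        # 0 means "no fwmark"

def build_rules(with_exclude=False):
    """Mangle PREROUTING rules as (src, negate, dport, mark), in -A order."""
    rules = [(PROXY, True, 80, 1), (PROXY, True, 443, 1)]
    if with_exclude:     # the commented-out rules, appended after the others
        rules += [(EXCLUDED, False, 80, 0), (EXCLUDED, False, 443, 0)]
    return rules

def mangle_prerouting(pkt, rules):
    # MARK is a non-terminating target: traversal continues after a match,
    # so the last matching rule decides the final mark.
    for src, negate, dport, mark in rules:
        src_ok = (pkt.src != src) if negate else (pkt.src == src)
        if src_ok and pkt.dport == dport:
            pkt.mark = mark
    return pkt

def next_hop(pkt):
    # "ip rule add fwmark 1 table web.out" sends marked packets to the
    # table whose only route is "default via 10.0.0.110".
    if pkt.mark == 1:
        return ("web.out", PROXY)
    # Placeholder for the router's ordinary default route (not on the page).
    return ("main", "upstream")

def route(src, dport, with_exclude=False):
    pkt = mangle_prerouting(Packet(src, dport), build_rules(with_exclude))
    return next_hop(pkt)

if __name__ == "__main__":
    cases = [("10.0.0.50", 80, False), (PROXY, 80, False),
             (EXCLUDED, 443, False), (EXCLUDED, 443, True),
             ("10.0.0.50", 22, False)]
    for src, dport, excl in cases:
        print(src, dport, "exclude=%s" % excl, "->", route(src, dport, excl))
```

Policy routing only changes the next hop: a marked packet reaches 10.0.0.110 still addressed to its original destination on port 80 or 443, not to port 3128.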