On Wed, Feb 16, 2005 at 10:51:16AM -0500, Payal Rathod wrote:
> Hi,
> My friend has a sharepoint (don't know what it is) server in her DMZ
> at 10.10.10.3. She can access that server from outside world by
> giving its public IP in browser. She cannot access it via her squid
> proxy inside the LAN. But when she removes proxy settings and gives,
> iptables -I FORWARD -s 192.168.10.7 -j ACCEPT
> she can access it. When I say access here it means that in all cases
> she can see IIS page but it is giving authorization failed from
> inside LAN. When she removes proxy settings and gives iptables rule
> above she is presented with a username-password box which is not seen
> via squid internally.
> Strangely if I am on the squid/gateway/firewall machine and still
> using proxy I can see the authorization box. Can someone give us
> both some hints to proceed?

my guess is that your friend is using transparent redirection to the
squid proxy and not explicit proxying (i.e. configuring the proxy in
the web browser). HTTP AUTH does not work through a transparent proxy.

easiest solution would be to bypass the transparent redirect for
requests to the sharepoint server by adding an ACCEPT rule prior to
the REDIRECT:

    # exempt the sharepoint server from redirection (must come first)
    iptables -t nat -A PREROUTING -i $INT_IF -p tcp -d 10.10.10.3 --dport 80 \
        -j ACCEPT
    # everything else on port 80 goes to squid
    iptables -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 \
        -j REDIRECT --to-port 3128

-j

--
"Operator! Give me the number for 911!"
--The Simpsons
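Added example, not part of the original message: the bypass only works if the ACCEPT rule is evaluated before the REDIRECT, so this check classifies the order of port-80 rules in `iptables -t nat -S PREROUTING` output. The function name, the `eth1` interface and the sample rule sets are constructed for illustration, and any port-80 REDIRECT is assumed to catch traffic to the server.

```shell
#!/bin/sh
# Classify nat PREROUTING rule order for a transparent-proxy bypass.
# stdin:  rules in `iptables -t nat -S PREROUTING` format
# stdout: ok | shadowed | missing | no-redirect
check_bypass_order() {
    server_ip=$1
    awk -v ip="$server_ip" '
        # Skip policy lines and rules from other chains.
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            target = ""; dst = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-d")      dst    = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if (dport != "80") next
            n++   # position among port-80 rules, in evaluation order
            if (target == "ACCEPT" && (dst == ip || dst == ip "/32") && !accept_at)
                accept_at = n
            if (target == "REDIRECT" && !redirect_at)
                redirect_at = n
        }
        END {
            if (!redirect_at)                 print "no-redirect"
            else if (!accept_at)              print "missing"
            else if (accept_at < redirect_at) print "ok"
            else                              print "shadowed"
        }'
}

# Constructed sample rule sets (eth1 is an assumed LAN interface name).
GOOD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -d 10.10.10.3/32 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# Same rules in the wrong order: the REDIRECT matches first, so the
# exemption is never reached.
BAD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -d 10.10.10.3/32 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_bypass_order 10.10.10.3
printf '%s\n' "$BAD_RULES"  | check_bypass_order 10.10.10.3
```

On a live gateway, pipe `iptables -t nat -S PREROUTING` into `check_bypass_order 10.10.10.3`; a result of `shadowed` usually means the exemption was appended with `-A` after an existing REDIRECT.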