Hi Rob et al,

Sorry that I could be dumping my whole file to the list, but here is my iptables script. Everything else works apart from the fact that at first I could not access my external website, also on the same machine, and squid was not accessible. I solved the external website by configuring a view in my DNS, but it seems there is no easy way for the squid box.

Regards,
Isaiah.

>> Dear list,
>>
>> I have a problem with my squid + ip masquerading setup. My box has two
>> interfaces, one internal, one external. I masquerade all internal traffic
>> on this box, which also runs squid proxy.
>>
>> When my iptables runs, and I point my client to the proxy on this box
>> I do not seem to get anywhere even though the squid box accepts and
>> logs a request.
>
> So your INPUT rules seem to be fine for your LAN.
>
>> When I go direct I can get the page.
>>
>> My gut feeling is that the squid box does get the request,
>> processes it but due to some NATing problem fails to identify the client
>> which made the request. Could anyone help to arrest the rot?
>
> Well, you could start by adding iptables LOG rules to see what happens.
> - Does squid actually try to perform the request (try a tcpdump or
>   something)?
> - Is the request getting through your (OUTPUT) rules (hence the logging)?
> - Is the reply being allowed?
> - What have you looked at / what have you tried?
> - Maybe some rules we need to look at?
>
> If you don't have any logging yet, add a rule to the bottom of your
> OUTPUT ruleset saying something like:
> $ipt -A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "_ipt_OUTPUT: "
> and see if it's logging http requests from squid. If it is and your
> OUTPUT policy is DROP, the requests are most likely not getting out of
> your box.
> But since you didn't tell much about your setup and what you tried,
> that's only a wild guess.
>
> Gr,
> Rob

--
Linux System/Network Administrator, College of Medicine, P/Bag 360, Chichiri, Blantyre 3.
Attachment:
iptables
Description: Binary data
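The thread never shows what the suggested LOG rule actually writes to the kernel log, so here is an added example (not Isaiah's script nor anything from Rob's reply) that reads such lines and applies Rob's reasoning: a LOG rule at the bottom of OUTPUT only sees packets no earlier rule accepted, so under a DROP policy every logged web request is one squid could not send upstream. The log lines, the interface names (eth0 external, eth1 internal) and the OUTPUT policy are constructed assumptions.

```python
import re

# Constructed kernel log lines in the format the iptables LOG target writes;
# the "_ipt_OUTPUT: " prefix is the one proposed in the reply above.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: _ipt_OUTPUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40213 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:01 gw kernel: _ipt_OUTPUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40214 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: _ipt_OUTPUT: IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.50 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4713 DF PROTO=TCP SPT=3128 DPT=51022 WINDOW=229 RES=0x00 ACK URGP=0
Mar  3 10:15:03 gw kernel: _ipt_OUTPUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.53 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=4714 DF PROTO=UDP SPT=33000 DPT=53 LEN=48
Mar  3 10:15:04 gw sshd[1234]: Accepted publickey for admin from 192.168.1.50 port 51100
"""

TOKEN = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line: str, prefix: str = "_ipt_OUTPUT: ") -> "dict | None":
    """Return the KEY=value fields of one LOG line carrying `prefix`, else None.
    Flag tokens without '=' (DF, SYN, ACK) are not needed here and are skipped."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    return dict(TOKEN.findall(line[idx + len(prefix):]))


def logged_web_egress(log_text: str, wan_if: str = "eth0",
                      http_ports=("80", "443"), prefix: str = "_ipt_OUTPUT: "):
    """Collect (src, dst, dport) of TCP packets the box itself sent out of the
    WAN interface toward web ports: these are the upstream connections squid
    opens on behalf of a LAN client, not the client's masqueraded traffic."""
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line, prefix)
        if f and f.get("OUT") == wan_if and f.get("PROTO") == "TCP" \
                and f.get("DPT") in http_ports:
            hits.append((f["SRC"], f["DST"], int(f["DPT"])))
    return hits


def diagnose(log_text: str, output_policy: str = "DROP", **kw) -> str:
    """Interpret the hits: with policy DROP, every web request that reached the
    trailing LOG rule was never accepted by an earlier OUTPUT rule."""
    hits = logged_web_egress(log_text, **kw)
    if not hits:
        return "no web requests reached the end of OUTPUT; check INPUT/FORWARD or squid itself"
    if output_policy.upper() == "DROP":
        return f"{len(hits)} outbound web request(s) fell through to OUTPUT policy DROP"
    return f"{len(hits)} outbound web request(s) logged, accepted by policy {output_policy}"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))  # constructed sample: 2 requests fell through
```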