Damián Mantelli (A.C.A.R.A) wrote:
Thanks for your help, I will perform my iptables with that information, but I have a second cuestion, must I set additional modules into the Kernel? Or set something in /etc/sysctl.conf ? something like net.ipv4.ip_forward=1 ..
only needed if your cache server also working as gateway
Thanks Damián. -----Mensaje original----- De: Ashish [mailto:maillistsmix@xxxxxxxxx] Enviado el: Miércoles, 17 de Agosto de 2005 03:45 a.m. Para: Damián Mantelli (A. C. A. R. A ) CC: squid-users@xxxxxxxxxxxxxxx Asunto: Re: IPTABLES + SQUID + TRANSPARENT PROXY Hi , The following u need to do for making squid as transparent proxy:- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128 iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80 iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80 iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80 iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 192.168.1.100 -j SNAT --to 192.168.1.1 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT iptables -A FORWARD -d 192.168.1.0/24 -s 192.168.1.100 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT make the following changes in squid.conf:- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Thanks Ashish Malik
