prophetmr wrote:
From what I understood from the page you linked, I put this in the firewall of
the router
# nvram set rc_firewall="
iptables -t nat -A PREROUTING -s 192.168.3.107 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
"
[Ctrl+D]
# nvram commit
At that point I lost net access. I could connect to the router but I
couldn't even access its firmware screen. I reset the router to the original config
and reloaded my backup image with the old script, and I'm back up and running
but still have my problem. What did I miss?
That was not on the page I linked. It was on one of the linked pages
with information on what the squid box config needs to look like. Other
end of the routing linkage.
The page I linked to for the router setup, uses "mark" on packets, in
the "mangle" table.
There you go. It's the way you are doing interception.
NAT is a destructive process, it drops the original source IPs from the
IP-layer information. That's just the way NAT operates.
What you want to do instead is selectively route the port 80 traffic to
the squid box and do the intercept NAT there instead of on the router.
see
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
for an example of how to set that up at the router.
The linked REDIRECT page has rules for the Squid box setup.
Amos
Amos
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
Current Beta Squid 3.1.0.3
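
The split described in the reply (mark and policy-route port 80 on the router, intercept NAT only on the Squid box), as an added example that is not part of the original thread or copied from the linked wiki pages. It assumes 192.168.3.107 is the Squid box; the interface names, mark value and routing table number are placeholders to adjust.

```shell
#!/bin/sh
# Added example. Every default below is an assumption about the network.
SQUID_IP="${SQUID_IP:-192.168.3.107}"  # assumed Squid box (host exempted in the post)
LAN_IF="${LAN_IF:-br0}"                # assumed router LAN interface
SQUID_IF="${SQUID_IF:-eth0}"           # assumed Squid box interface
SQUID_PORT="${SQUID_PORT:-3128}"       # proxy port used in the post
MARK="${MARK:-3}"                      # arbitrary firewall mark
TABLE="${TABLE:-2}"                    # arbitrary routing table number

# Router: mangle + policy routing only. No NAT, so the client's
# source IP is still on the packet when it reaches the Squid box.
router_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $SQUID_IP dev $LAN_IF table $TABLE
EOF
}

# Squid box: accept the routed packets and do the intercept NAT here.
squid_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.$SQUID_IF.rp_filter=0
iptables -t nat -A PREROUTING -i $SQUID_IF -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
EOF
}

# Check a router ruleset read from stdin: fails (returns 1) and prints the
# offending lines to stderr if any rule rewrites port 80 in the nat table.
lint_router_rules() {
    if grep -E -e '-t nat .*--dport 80 .*-j (REDIRECT|DNAT)' >&2; then
        return 1
    fi
    return 0
}

# Print one side's rules for review: ./script.sh router | ./script.sh squid
case "${1:-}" in
    router) router_rules ;;
    squid)  squid_rules ;;
esac
```

The functions only print the commands; review the output, then pipe it to `sh` as root on the matching machine.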