Re: transparent proxy debugging


Hi Amos,

Amos Jeffries wrote:
>> LO_REDIRECT=3129
>> $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
>>                --dport $HTTP -j ACCEPT
>> $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP \
>>                             -j REDIRECT --to-ports $LO_REDIRECT
>> $IPTB -t nat -A POSTROUTING -o $INET_IF -p tcp -j MASQUERADE
>> $IPTB -t mangle -A PREROUTING -p tcp --dport $LO_REDIRECT -j DROP
>>
>> squid.conf:
>>
>> http_port 3129 transparent
>>
>> (are there other options that I need to consider?)
>>
>>  From within the LAN_NET, I get a time out error.
> 
> You are missing the rule which prevents packets leaving Squid from being
> looped back into Squid again.
> 
> You seem to have one preventing external (WAN) traffic from being NAT'd
> into Squid instead.
> 
> Try this:
> 
>  $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
>     --dport $HTTP -j ACCEPT
> 
>  $IPTB -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
> 
>  $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp \
>     -s $LAN_NET --dport $HTTP \
>     -j REDIRECT --to-ports $LO_REDIRECT

In my case, wouldn't $SQUID_IP = $INET_IP?

Thanks

Ed

