Re: transparent proxy debugging

On 20/04/11 18:19, cc wrote:
Hi Amos,

Amos Jeffries wrote:
LO_REDIRECT=3129
$IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
                --dport $HTTP -j ACCEPT
$IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP \
                             -j REDIRECT --to-ports $LO_REDIRECT
$IPTB -t nat -A POSTROUTING -o $INET_IF -p tcp -j MASQUERADE
$IPTB -t mangle -A PREROUTING -p tcp --dport $LO_REDIRECT -j DROP

squid.conf:

http_port 3129 transparent

(are there other options that I need to consider?)

  From within the LAN_NET, I get a time out error.

You are missing the rule which prevents packets leaving Squid from being
looped back into Squid again.

You seem to have one preventing external (WAN) traffic from being NAT'd
into Squid instead.

Try this:

  $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
     --dport $HTTP -j ACCEPT

  $IPTB -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT

  $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp \
     -s $LAN_NET --dport $HTTP \
     -j REDIRECT --to-ports $LO_REDIRECT

In my case, wouldn't $SQUID_IP = $INET_IP?

Only if the first of those rules is broken.

... -i $INET_IF -s $INET_IP matches traffic from another machine called $INET_IP outside the current box.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1
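
Added example, not part of the original message or of Squid itself: a small Python model of first-match evaluation in the nat PREROUTING chain, comparing the original rule order with the suggested one. It assumes Squid's own port-80 requests arrive on $DMZ_IF from an address inside $LAN_NET; the interface names and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions, not taken from the thread).
INET_IF, DMZ_IF = "eth0", "eth1"
INET_IP = "203.0.113.5"
LAN_NET = "192.168.1.0/24"
SQUID_IP = "192.168.1.10"   # hypothetical Squid host inside LAN_NET
HTTP = 80

@dataclass
class Rule:
    target: str
    in_if: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, in_if: str, src: str, dport: int) -> bool:
        # An unset field behaves like an omitted iptables match: it matches anything.
        if self.in_if is not None and self.in_if != in_if:
            return False
        if self.src is not None and \
                ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        return self.dport is None or self.dport == dport

def verdict(chain, in_if, src, dport):
    """First matching rule decides; no match falls through to policy ACCEPT."""
    for rule in chain:
        if rule.matches(in_if, src, dport):
            return rule.target
    return "ACCEPT"

wan_accept = Rule("ACCEPT", in_if=INET_IF, src=INET_IP, dport=HTTP)
lan_redirect = Rule("REDIRECT", in_if=DMZ_IF, src=LAN_NET, dport=HTTP)
squid_exempt = Rule("ACCEPT", src=SQUID_IP, dport=HTTP)

ORIGINAL = [wan_accept, lan_redirect]                 # rules as first posted
SUGGESTED = [wan_accept, squid_exempt, lan_redirect]  # exemption before REDIRECT

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "squid ->", verdict(chain, DMZ_IF, SQUID_IP, HTTP),
              "| client ->", verdict(chain, DMZ_IF, "192.168.1.50", HTTP))
```

In the model, the exemption only helps when it is appended before the REDIRECT rule, because the first match ends evaluation of the chain.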

