On 20/04/11 19:49, cc wrote:
Amos Jeffries wrote:
Only if the first of those rules is broken.
... -i $INET_IF -s $INET_IP matches traffic from another machine called
$INET_IP outside the current box.
Hi Amos,
I don't seem to be getting anywhere.
Given that I redirect all outgoing port 80 traffic to the localhost:3190
(or whatever), can I set up squid such that instead of sending the
packets through the ACL filters et.al, it just basically displays a
page (html file of some sort)? At this point, I really don't know
what's blocking the traffic. I don't 'see' traffic going to LO.
To make things easier, I run 'squid -N -X'.
Right now, I don't know if my netfilter rules are missing
something or my squid is not configured properly.
BTW, instead of 3.x, I've gone back to 2.7 as I can get that thing
compiled. 3.1.x is still giving me compilation errors.
Will keep on trying this though.
Ed
If you want to be certain whats happening use DNAT. Which only alters
what you explicitly configure. Our demo configs only change port so the
IPs stay predictable.
(Apparently DNAT is a bit faster too.)
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
