On 13/08/11 18:14, Mustafa Shahanshah wrote:
Hi, I am trying to implement a Squid proxy in transparent mode using a bypass card: http://www.etinc.com/?page=failover.htm

What I have done so far is set both the eth devices on the bypass card in bridge mode, br0 (the third dev, eth0, is for maintenance). The Squid is working fine, but try as I might I can't get the traffic to go through the proxy server (route all port 80 traffic to the Squid service and send it out again). Would it be better to configure the ports individually, eth1 and eth2, and then have all the traffic from eth1 routed to the Squid and out from eth2? I am totally lost here.. All the examples that I have seen on the net so far involve

iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3120

but the moment I set this up all the traffic stops (i.e. the bypass/bridge stops forwarding packets!), but if I set the proxy in the browser I can still surf the net. Any ideas?
Packets going over a bridge do not go through any routing logic, including NAT. You must DROP them off the bridge before they can be intercepted into Squid.
Since adding a NAT REDIRECT changes things it sounds like you have that part working. But REDIRECT itself is fairly complex. Try using DNAT instead, since that only affects the
In either case you MUST have Squid listening on that receiving port of the same box, along with the bypass iptables rules to prevent looping Squid's outbound port 80 traffic back into Squid.
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10
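The three pieces Amos lists (pull the frames off the bridge, DNAT them to Squid, bypass Squid's own outbound HTTP), as an added example script that is not from the thread or from the Squid wiki. It assumes the bridge is br0 with an IP of 192.0.2.10, Squid listens on 3128 as user "proxy", and the ebtables "broute" table is available; all of those are placeholders to adjust.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed placeholders:
BR_IF=${BR_IF:-br0}            # bridge holding both bypass-card ports
SQUID_IP=${SQUID_IP:-192.0.2.10} # IP address assigned to the bridge itself
SQUID_PORT=${SQUID_PORT:-3128}   # squid.conf: "http_port 3128 intercept" (3.1)
SQUID_USER=${SQUID_USER:-proxy}  # user Squid runs as

# Print the rule set instead of applying it, so it can be reviewed first.
intercept_rules() {
  cat <<EOF
# 1. Bridged frames never reach the IP routing path or iptables nat.
#    In the BROUTING chain "DROP" means "route this frame", so port-80
#    TCP frames are diverted into the host IP stack here.
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \\
  -j redirect --redirect-target DROP
# 2. Bypass: never DNAT Squid's own outbound HTTP back into Squid (loop).
iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A OUTPUT -m owner --uid-owner $SQUID_USER -p tcp --dport 80 -j ACCEPT
# 3. DNAT (not REDIRECT) the routed client traffic to the local Squid listener.
iptables -t nat -A PREROUTING -i $BR_IF -p tcp --dport 80 \\
  -j DNAT --to-destination $SQUID_IP:$SQUID_PORT
# 4. Let the DNATed packets reach the listener through the filter table.
iptables -A INPUT -i $BR_IF -p tcp --dport $SQUID_PORT -j ACCEPT
EOF
}

case "${1:-show}" in
  apply) intercept_rules | sh ;;   # needs root; run "show" first
  *)     intercept_rules ;;
esac
```

Run it with no arguments to print the rules, and with `apply` as root to load them; Squid must already be listening on the intercept port.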