On 15/11/2011 10:05 p.m., Ali Jawad wrote:
Hi
I have a server setup with SQUID for 6 users, these users do use the
same system on which squid is installed. Now my problem is that I want
to force all their traffic through SQUID. So I did setup the following
iptables rule on the server :
iptables -t nat -I OUTPUT -p tcp --dport 80 -j DNAT --to 192.168.0.165:3128
Where 192.168.0.165 is the squid server and the server the users use.
When a user tries to access a denied site, he gets access denied. When
he tries to access a whitelisted site he gets:
* Unable to forward this request at this time.
Well...
* Packets leaving Squid have TCP dport 80.
* Packets leaving the users agent have TCP dport 80.
How does NAT tell the difference?
Hint: use the process user ID match in iptables to exclude packets
leaving Squid from being NAT'ed back to Squid.
Amos
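The owner match Amos points at, written out as a small POSIX shell script. This is an added example, not code from the list post: it assumes Squid runs as the local user named in SQUID_USER (defaulting to "proxy", which is a guess; check `ps -o user -C squid` on the box) and reuses the proxy address and port from Ali's rule. The exclusion rule must sit before the DNAT rule in the nat OUTPUT chain, so the script appends (-A) in that order instead of inserting (-I) as the original rule did.

```sh
#!/bin/sh
# Added example (not from the mailing list post): build the nat OUTPUT rules
# that send local users' port-80 traffic to Squid while leaving Squid's own
# upstream fetches alone, using the iptables owner match.
# Assumptions (not in the original post): Squid runs as $SQUID_USER; the proxy
# address and port are the ones from Ali's rule.
SQUID_USER="${SQUID_USER:-proxy}"
SQUID_ADDR="${SQUID_ADDR:-192.168.0.165}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the iptables commands in the order they must be applied.
build_rules() {
    # 1. Packets generated by the Squid process itself leave the chain as-is.
    #    Without this, Squid's own port-80 fetches are DNAT'ed straight back
    #    to Squid, which then reports "Unable to forward this request at this time".
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $SQUID_USER -j RETURN"
    # 2. Everything else on port 80 from local users is redirected to Squid.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination $SQUID_ADDR:$SQUID_PORT"
}

# Apply the printed commands (needs root). Without "apply" the script only prints.
apply_rules() {
    build_rules | sh
}

# Sanity check: the owner exclusion must precede the DNAT. Exit 0 if ordered.
rules_ordered() {
    build_rules | awk '/--uid-owner/ { own = NR } /-j DNAT/ { dnat = NR }
                       END { exit !(own && dnat && own < dnat) }'
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run it once with no arguments to review the two rules, then `sh thisscript.sh apply` as root. If the rules were instead added with -I in the same sequence, the DNAT would land above the exclusion and Squid's traffic would loop again.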