I thought I would post this here also, even though I think it is more of an IPTABLES question, but my Squid box is affecting the outcome. I have it posted on netfilter. My main Squid Filter has Private IP of 192.168.1.1 (eth1) and a public IP of 1.1.1.1 (eth0). It also has a virtual public IP of 1.1.1.2 (eth0:0). I have a web server that sits behind the Squid box with name EXAMPLE.ORG and a private IP of 192.168.1.2, which resolves to the 1.1.1.2. Everything works fine outside the network when I go to EXAMPLE.ORG. Everything works fine in the network if I go to EXAMPLE.ORG without pointing my browser to the Squid proxy. Once I point my browser to the Squid proxy though and try to go to EXAMPLE.ORG, it comes back to the webpage of 1.1.1.1 which is my Squid box. Any idea why it would matter if I go through Squid or not? I broke my IPTABLES down to almost nothing just to test. I'll post them below in case anyone uses them and can tell me if I need to do something different to make them work with Squid. I am about to give up. I DO NOT have an internal DNS server so right now that is not an option. I am getting ready to set one up, but wanted this working first. I assume the internal DNS server will get rid of the problem, I hope it does not matter at that point if I go though Squid or not. Thanks for any suggestions. ------------------------------------------------------------- #!/bin/sh EXT_IP="1.1.1.0/24" EXT_IFACE="eth0" EXT_BROADCAST="1.1.1.255" INT_IP="192.168.0.1" INT_IP_RANGE="192.168.0.0/16" INT_IFACE="eth1" LO_IFACE="lo" LO_IP="127.0.0.1" IPTABLES="/sbin/iptables" /sbin/depmod -a /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe iptable_filter /sbin/modprobe iptable_mangle /sbin/modprobe iptable_nat /sbin/modprobe ipt_LOG /sbin/modprobe ipt_limit /sbin/modprobe ipt_state #Non required modules /sbin/modprobe ipt_owner /sbin/modprobe ipt_REJECT #/sbin/modprobe ipt_MASQUERADE #/sbin/modprobe ip_conntrack_ftp #/sbin/modprobe ip_conntrack_irc #/sbin/modprobe ip_nat_ftp #/sbin/modprobe ip_nat_irc echo "1" > /proc/sys/net/ipv4/ip_forward #Create default policies and FLUSH the chains $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD ACCEPT $IPTABLES -F FORWARD $IPTABLES -F $IPTABLES -t nat -F $IPTABLES -t mangle -F #Allow the local network $IPTABLES -t nat -A PREROUTING -d 1.1.1.2 -p tcp -j DNAT --to-destination 192.168.0.2 $IPTABLES -t nat -A POSTROUTING -d 192.168.0.2 -s 192.168.0.0/16 -j SNAT --to-source 1.1.1.2 $IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1.1.1.1 -- Scott Mayo Mayo's Pioneer Seeds
