Hi Amos,

Below is the router script I have pasted into the firewall section of my Tomato router. It does not seem to forward packets to the proxy. Any ideas what I am doing wrong? I am a newbie who is trying to learn. Thanks for your help.

# IPv4 address of proxy
PROXYIP4= 192.168.1.16

# interface facing clients
CLIENTIFACE= eth0

# arbitrary mark used to route packets by the firewall. May be anything from 1 to 64.
FWMARK= 2

# permit Squid box out to the Internet
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $PROXYIP4 -j ACCEPT

# mark everything else on port 80 to be routed to the Squid box
iptables -t mangle -A PREROUTING -i $CLIENTIFACE -p tcp --dport 80 -j MARK --set-mark $FWMARK
iptables -t mangle -A PREROUTING -m mark --mark $FWMARK -j ACCEPT

# NP: Ensure that traffic from inside the network is allowed to loop back inside again.
iptables -t filter -A FORWARD -i $CLIENTIFACE -o $CLIENTIFACE -p tcp --dport 80 -j ACCEPT

ip rule add fwmark 2 table proxy
ip route add default via $PROXYIP table proxy

Below is a listing of my router's iptables.

root@Router:/tmp/home/root# iptables -t nat -vL;iptables -t filter -vL
Chain PREROUTING (policy ACCEPT 106 packets, 13596 bytes)
 pkts bytes target         prot opt in     out     source          destination
    0     0 ACCEPT         udp  --  any    any     anywhere        anywhere        udp dpt:1194
    0     0 WANPREROUTING  all  --  any    any     anywhere        wan-ip.Router
    0     0 DROP           all  --  ppp0   any     anywhere        192.168.1.0/24
    0     0 upnp           all  --  any    any     anywhere        wan-ip.Router

Chain POSTROUTING (policy ACCEPT 22 packets, 1867 bytes)
 pkts bytes target         prot opt in     out     source          destination
   48  3298 MASQUERADE     all  --  any    tun11   192.168.1.0/24  anywhere
    0     0 MASQUERADE     all  --  any    ppp0    anywhere        anywhere
    6  2412 SNAT           all  --  any    br0     192.168.1.0/24  192.168.1.0/24  to:192.168.1.1

Chain OUTPUT (policy ACCEPT 28 packets, 4279 bytes)
 pkts bytes target         prot opt in     out     source          destination

Chain WANPREROUTING (1 references)
 pkts bytes target         prot opt in     out     source          destination
    0     0 DNAT           icmp --  any    any     anywhere        anywhere        to:192.168.1.1
    0     0 DNAT           tcp  --  any    any     192.168.1.0/24  anywhere        tcp dpt:www to:192.168.1.16:3128
    0     0 DNAT           udp  --  any    any     192.168.1.0/24  anywhere        udp dpt:www to:192.168.1.16:3128
    0     0 DNAT           tcp  --  any    any     anywhere        anywhere        tcp dpt:63893 to:192.168.1.16
    0     0 DNAT           udp  --  any    any     anywhere        anywhere        udp dpt:63893 to:192.168.1.16

Chain upnp (1 references)
 pkts bytes target         prot opt in     out     source          destination

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target         prot opt in     out     source          destination
    0     0 ACCEPT         all  --  tun21  any     anywhere        anywhere
    0     0 ACCEPT         udp  --  any    any     anywhere        anywhere        udp dpt:1194
   25  2970 ACCEPT         all  --  tun11  any     anywhere        anywhere
    0     0 DROP           all  --  any    any     anywhere        anywhere        state INVALID
 5813 7936K ACCEPT         all  --  any    any     anywhere        anywhere        state RELATED,ESTABLISHED
    0     0 shlimit        tcp  --  any    any     anywhere        anywhere        tcp dpt:ssh state NEW
    8   564 ACCEPT         all  --  lo     any     anywhere        anywhere
  119 14722 ACCEPT         all  --  br0    any     anywhere        anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target         prot opt in     out     source          destination
    0     0 DROP           all  --  br0    vlan1   anywhere        anywhere
    0     0 DROP           all  --  br0    ppp0    anywhere        anywhere
    0     0 DROP           all  --  br0    vlan2   anywhere        anywhere
    0     0 ACCEPT         all  --  tun21  any     anywhere        anywhere
 5554 7375K ACCEPT         all  --  tun11  any     anywhere        anywhere
 3638  539K                all  --  any    any     anywhere        anywhere        account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
    0     0 ACCEPT         all  --  br0    br0     anywhere        anywhere
    2    80 DROP           all  --  any    any     anywhere        anywhere        state INVALID
   82  5024 TCPMSS         tcp  --  any    any     anywhere        anywhere        tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 3544  533K ACCEPT         all  --  any    any     anywhere        anywhere        state RELATED,ESTABLISHED
    0     0 wanin          all  --  ppp0   any     anywhere        anywhere
    0     0 wanout         all  --  any    ppp0    anywhere        anywhere
   92  5982 ACCEPT         all  --  br0    any     anywhere        anywhere
    0     0 upnp           all  --  ppp0   any     anywhere        anywhere
    0     0 ACCEPT         tcp  --  -o     any     anywhere        anywhere        tcp dpt:www

Chain OUTPUT (policy ACCEPT 3587 packets, 554K bytes)
 pkts bytes target         prot opt in     out     source          destination

Chain shlimit (1 references)
 pkts bytes target         prot opt in     out     source          destination
    0     0                all  --  any    any     anywhere        anywhere        recent: SET name: shlimit side: source
    0     0 DROP           all  --  any    any     anywhere        anywhere        recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain upnp (1 references)
 pkts bytes target         prot opt in     out     source          destination

Chain wanin (1 references)
 pkts bytes target         prot opt in     out     source          destination
    0     0 ACCEPT         tcp  --  any    any     192.168.1.0/24  freenas.Router  tcp dpt:squid
    0     0 ACCEPT         udp  --  any    any     192.168.1.0/24  freenas.Router  udp dpt:3128
    0     0 ACCEPT         tcp  --  any    any     anywhere        freenas.Router  tcp dpt:63893
    0     0 ACCEPT         udp  --  any    any     anywhere        freenas.Router  udp dpt:63893

Chain wanout (1 references)
 pkts bytes target         prot opt in     out     source          destination
root@Router:/tmp/home/root#

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-not-sending-request-to-web-tp4665512p4665548.html
Sent from the Squid - Users mailing list archive at Nabble.com.
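
A pre-flight lint for a policy-routing firewall script of this kind, as an added example that is not part of the original post or of the Squid project. It checks three shell and iproute2 pitfalls before the script is pasted into a router. The function names, the sample lines and the default `/etc/iproute2/rt_tables` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). lint_fw_script FILE [RT_TABLES]
# prints one finding per line for three pitfalls in a policy-routing script.
lint_fw_script() {
    script=$1
    rt_tables=${2:-/etc/iproute2/rt_tables}   # assumed iproute2 table-name file

    # 1. "NAME= value": the shell makes NAME an empty per-command assignment
    #    and tries to run "value" as a command, so NAME stays unset afterwards.
    grep -nE '^[A-Za-z_][A-Za-z0-9_]*=[[:space:]]+[^[:space:]#]' "$script" |
        sed -E 's/^([0-9]+):([A-Za-z_][A-Za-z0-9_]*)=.*/line \1: space after "=" leaves \2 unset/'

    # 2. $NAME referenced on a non-comment line but never assigned.
    defined=$(sed -nE 's/^([A-Za-z_][A-Za-z0-9_]*)=.*/\1/p' "$script")
    sed 's/#.*//' "$script" | grep -oE '[$][{]?[A-Za-z_][A-Za-z0-9_]*' |
        tr -d '${' | sort -u |
    while read -r name; do
        printf '%s\n' "$defined" | grep -qxF "$name" ||
            echo "variable $name is referenced but never assigned"
    done

    # 3. "table NAME" in ip rule / ip route: a non-numeric name other than the
    #    built-in main/local/default must be listed in rt_tables.
    sed 's/#.*//' "$script" |
        grep -E '^[[:space:]]*ip[[:space:]]+(rule|route)[[:space:]]' |
        grep -oE 'table[[:space:]]+[^[:space:]]+' | awk '{print $2}' | sort -u |
    while read -r tbl; do
        case $tbl in main|local|default) continue ;; *[!0-9]*) ;; *) continue ;; esac
        awk -v t="$tbl" '$1 !~ /^#/ && $2 == t { found = 1 } END { exit !found }' \
            "$rt_tables" 2>/dev/null ||
            echo "routing table $tbl is not defined in $rt_tables"
    done
}

# Constructed sample in the shape of the script above, written to file $1.
write_sample() {
    cat > "$1" <<'EOF'
PROXYIP4= 192.168.1.16
FWMARK=2
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $PROXYIP4 -j ACCEPT
ip rule add fwmark $FWMARK table proxy
ip route add default via $PROXYIP table proxy
EOF
}
```

Run it as `lint_fw_script firewall.sh` on the router, or pass a second argument to point at a different table-name file.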