On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote: > Hello list, > > I'm trying to do a simple intercept with Squid. Here is my setup : > > I have a LAN with machines on 192.168.22.0/24. Their gateway is > 192.168.22.10. On this machine, I have set the following iptables rule : > > iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp > --dport 80 -j DNAT --to 192.168.55.3:3129 > > - 192.168.55.3 being the Squid server No - you must do the NAT (or REDIRECT) rule *on the Squid server*. If you need to use policy routing to get the packets to the Squid machine in the first place, that's okay, but this *must* be packet routing, not address translation. See http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect and http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute Antony. -- In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are British, the mechanics are German, the lovers are French, the entertainment is American, and everything is organised by the Swiss. In Hell, the beer is American, the chefs are British, the supermarkets are German, the mechanics are French, the lovers are Swiss, the entertainment is Belgian, and everything is organised by the Italians. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
