Search squid archive

Re: Intercept mode failing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote:

> Hello list,
> 
> I'm trying to do a simple intercept with Squid. Here is my setup :
> 
> I have a LAN with machines on 192.168.22.0/24. Their gateway is
> 192.168.22.10. On this machine, I have set the following iptables rule :
> 
>     iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp
> --dport 80 -j DNAT --to 192.168.55.3:3129
> 
>     - 192.168.55.3 being the Squid server

No - you must do the NAT (or REDIRECT) rule *on the Squid server*.

If you need to use policy routing to get the packets to the Squid machine in 
the first place, that's okay, but this *must* be packet routing, not address 
translation.

See http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat 
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect and 
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute


Antony.

-- 
In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are 
British, the mechanics are German, the lovers are French, the entertainment is 
American, and everything is organised by the Swiss.

In Hell, the beer is American, the chefs are British, the supermarkets are 
German, the mechanics are French, the lovers are Swiss, the entertainment is 
Belgian, and everything is organised by the Italians.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux