hey

thanks: i post in detail

i have an openwrt box. clients are attached there to the 192.168.2.0/24 network via nat. i attached the router as a wan device on my 192.168.1.0/24 with 192.168.1.254 as my internet gateway.

i have a squidbox with squid 4 running on ports 3128 and 3129 and 3130.

i forward the traffic from the openwrt via:

iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.1.222
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 443 -s 192.168.1.222
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 443
ip rule add fwmark 3 table 2
ip route add default via 192.168.1.222 dev eth0.2 table 2

on the squid box redirected it via

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3129
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

http works fine
https brings:

ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: https://192.168.1.222/*
Connection to 192.168.1.222 failed.
The system returned: (111) Connection refused
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.
i had this working a while ago but i forget how.
On 08.11.2017 05:32, "Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote:
> On 08/11/17 04:52, snable snable wrote:
>> Hello
>> i forward from my openwrt router the traffic for 443 and 80 to my squid box to port 3129 and 3128
>
> What do you mean by "forward" ?
>
> Any dst-IP:port NAT operation *MUST* only happen on the Squid device itself or _later_ down the traffic path. Traffic must be *routed* to that Squid device.
>
> Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
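The routing-versus-NAT rule stated in the quoted reply, as an added example that is not part of the original messages: a small Python check that reads the iptables command lines of the router and of the Squid box and reports any destination rewrite for port 80/443 done before the Squid box, or a missing one on it. The function names are hypothetical, the rule lists are the ones from the post with spacing normalised, and the DNAT rule is a constructed counter-example.

```python
import shlex

NAT_TARGETS = {"DNAT", "REDIRECT"}  # targets that rewrite the destination IP:port

def parse_rule(line):
    """Pull table, target and --dport out of one iptables command line."""
    tok = shlex.split(line)
    rule = {"table": "filter", "target": None, "dport": None}
    flags = {"-t": "table", "-j": "target", "--dport": "dport"}
    for flag, value in zip(tok, tok[1:]):
        if flag in flags:
            rule[flags[flag]] = value
    return rule

def rewrites_dst(rule, ports):
    """True when the rule is a nat-table destination rewrite for a watched port."""
    return (rule["table"] == "nat" and rule["target"] in NAT_TARGETS
            and rule["dport"] in ports)

def check_interception(router_rules, squid_rules, ports=("80", "443")):
    """Return findings; an empty list means the layout follows the rule."""
    findings = []
    for line in router_rules:
        if rewrites_dst(parse_rule(line), ports):
            findings.append("router rewrites destination: " + line)
    handled = {parse_rule(l)["dport"] for l in squid_rules
               if rewrites_dst(parse_rule(l), ports)}
    for port in ports:
        if port not in handled:
            findings.append("Squid box has no nat REDIRECT/DNAT for port " + port)
    return findings

# Rules from the post (spacing normalised).
ROUTER_RULES = [
    "iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.1.222",
    "iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80",
    "iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 443 -s 192.168.1.222",
    "iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 443",
]
SQUID_RULES = [
    "iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3129",
    "iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128",
]
# Constructed counter-example: destination NAT done on the router instead.
BAD_ROUTER_RULE = ("iptables -t nat -A PREROUTING -p tcp --dport 443 "
                   "-j DNAT --to-destination 192.168.1.222:3129")

if __name__ == "__main__":
    print(check_interception(ROUTER_RULES, SQUID_RULES))
    print(check_interception(ROUTER_RULES + [BAD_ROUTER_RULE], SQUID_RULES))
```

The check covers only where the destination rewrite happens; it says nothing about how the Squid listening ports themselves are configured.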