Piotr Strycharz wrote:
>
> Hi.
>
> Although the problem is loosely related to Squid I have decided to post this
> message to this forum.
> First: small 'picture':
>
> {Internet} --(WAN)--[ Squid box + firewall ]--(LAN)--[ NT+IIS ]
>
> The Squid (2.3S4) box is set up on Linux 2.2.16. I have WWW Server (IIS)
> running on NT (internal) machine. The ipchains rules allow Internet user to
> connect to this machine transparently via firewall. These rules are:
> ipchains -A forward -p TCP -s $ntip/32 80 -j MASQ
> ipmasqadm portfw -f
> ipmasqadm portfw -a -P tcp -L $extip0 80 -R $ntip 80
> While this configuration is working well for external users, it does not
> allow intranet users to connect to server.
This is a Linux Masquerade/portfw question, not related to Squid in any
manner.
You most likely have to disable ICMP redirects to make it work for
intranet users.
echo 0 >/proc/sys/net/ipv4/conf/eth0/send_redirects
(assuming eth0 is the internal interface).
-- Henrik Nordstrom Squid hacker -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Oct 25 2000 - 15:44:06 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:57 MST