[squid-users] Transparent proxy with squid+netfilter

From: Andy Zbikowski <zibby+squid@dont-contact.us>
Date: Thu, 28 Jun 2001 10:43:38 -0500 (CDT)

After a bit of experimenting with using squid+netfilter on my home
firewall to create a transparent proxy/cache I'm trying to figure out how
to do a similar setup at work. The big difference is that the firewall and
the squid server are not the same machine in the office. The problem is
that the squid server is on the internal network.

My thought while sitting in traffic (amazing how exhaust fumes create
bursts of genius, or insanity...) was that if I first direct all port 80
traffic from the squid box directly out to the rest of the world and route
everyone else to the squid box, then things would work without a loop as
traffic from the squid box would go out, everyone else would be directed
to the squid box, and since the squid box won't be routed back to itself,
it should work.

So let's see, from ideas into iptables...
iptables -t nat -A PREROUTING -i eth1 -p tcp -s squid.box --dport 80 -j FORWARD
iptables -t nat -A PREROUTING -i eth1 -p tcp -s ! squid.box --dport 80 -j REDIRECT --to squid.box --to-port 3128

Or maybe I have to use DNAT for the second line?

Anyway, the question is, does this have any chance of working, if so, am I
on the right track with my iptables rules?

Andrew S. Zbikowski | Home: 763.591.0977
http://www.ringworld.org | PCS: 612.306.6055
They must not get baseball sized hail in Redmond.
If they did MS would have realized HailStorm is a
bad name for their new services.
Received on Thu Jun 28 2001 - 09:43:41 MDT
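
A sketch of firewall rules for the layout the post describes (proxy on the internal network, on a different machine from the firewall), as an added example that is not part of the original message. The addresses 192.168.1.10 and 192.168.1.0/24 and the function names are constructed; eth1 and port 3128 are taken from the post. It prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the firewall, not the proxy.
# Dry run by default: each rule is printed. APPLY=1 executes it (needs root).
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

# intercept_rules LAN_IF SQUID_IP SQUID_PORT LAN_NET
intercept_rules() {
    [ $# -eq 4 ] || { echo "usage: intercept_rules IF IP PORT NET" >&2; return 2; }
    lan_if=$1 squid_ip=$2 squid_port=$3 lan_net=$4
    case $squid_port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac

    # 1. The proxy's own fetches must not be rewritten, or they loop back to
    #    the proxy. ACCEPT in the nat table ends NAT processing for the
    #    connection; the packet is then routed normally. (FORWARD is a chain
    #    in the filter table, not a target.)
    ipt -t nat -A PREROUTING -i "$lan_if" -s "$squid_ip" -p tcp --dport 80 -j ACCEPT

    # 2. Everyone else is sent to the proxy. REDIRECT can only point at the
    #    firewall itself, so a proxy on another host needs DNAT.
    ipt -t nat -A PREROUTING -i "$lan_if" -s "$lan_net" -p tcp --dport 80 \
        -j DNAT --to-destination "$squid_ip:$squid_port"

    # 3. Clients and proxy share a subnet, so without source NAT the proxy
    #    would answer the client directly and the client would drop the reply
    #    (it expects the web server's address). Masquerading forces replies
    #    back through the firewall. Cost: the proxy's access log shows the
    #    firewall's address instead of the real client.
    ipt -t nat -A POSTROUTING -o "$lan_if" -s "$lan_net" -d "$squid_ip" \
        -p tcp --dport "$squid_port" -j MASQUERADE

    # 4. Filter table: permit the hairpinned connections and their replies.
    ipt -A FORWARD -i "$lan_if" -o "$lan_if" -s "$lan_net" -d "$squid_ip" \
        -p tcp --dport "$squid_port" -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Constructed sample values; eth1 and 3128 are the ones used in the post.
intercept_rules eth1 192.168.1.10 3128 192.168.1.0/24
```

Rule order matters: the exemption for the proxy has to be appended before the DNAT rule, because the first matching rule in PREROUTING decides the connection's fate.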