Re: [squid-users] transparent proxy problem

From: Deeptish Dey <deeptish@dont-contact.us>
Date: Wed, 26 Sep 2001 19:01:47 +0530 (IST)

On Wed, 26 Sep 2001, Gurdeep Singh wrote:

:)Hello,
:)
:)My squid transparent proxy shows the apache's default page for every URL
:)accessed.
:)
:)For eg. if I go to www.google.com, it shows the default page of apache,
:)which is no longer installed now. All the folders and files related to
:)apache are deleted.
:)
:)And for www.google.com/news, it tries to get http://192.168.1.10/news
:)and responds with error saying, The requested URL could not be
:)retrieved.
:)
:)192.168.1.10 is my proxy server.
:)
:)Following is my ipchains file, could anyone suggest me changes in it.
:)
:)How should I make transparent proxy work.
:)
:)If I access port 3128 directly through browser's proxy settings, squid
:)works fine.
:)
:)
:)Regards,
:)
:)Gurdeep
:)
:)
:)# Firewall configuration written by lokkit
:)# Manual customization of this file is not recommended.
:)# Note: ifup-post will punch the current nameservers through the
:)# firewall; such entries will *not* be listed here.
:):input ACCEPT
:):forward ACCEPT
:):output ACCEPT
:)-A input -p tcp -d 127.0.0.1/24 www -j ACCEPT
:)-A input -p tcp -d 192.168.1.10/24 www -j ACCEPT
:)-A input -p tcp -d any/0 www -j REDIRECT 3128
:)-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
:)-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
:)-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
:)-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
:)-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
:)-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
:)-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
:)-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
:)-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
:)-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
:)-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
:)

-------- the following working for me, try out gurdeep

/sbin/ipchains -A input -j ACCEPT -s 127.0.0.1/32 -d 127.0.0.1/32
/sbin/ipchains -A input -j ACCEPT -p tcp -s 0/0 -d your_lan_ip 80
/sbin/ipchains -A input -p tcp -s your_lan_ip -d 0/0 80 -j REDIRECT 3128
/sbin/ipchains -A input -j ACCEPT -s lan_ip -d 0/0
/sbin/ipchains -A input -j ACCEPT -d lan_ip
Received on Wed Sep 26 2001 - 07:50:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:29 MST