Hello :),
I'm using Squid 2.4 stable 1 and iptables 1.2.4 on Mandrake 8.1 right now. I have 2 NIC in this comp, one for the LAN, other for Internet (NAT). Im using trasparent proxy, the problem is, as I implemented the transparent proxy, the security rule that i built in iptables is not working anymore....its look like it never been read :(. This problem occured when i move from ipchains to iptables
here is my configuration :
Squid :
http_port 10.100.100.10:55
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Iptables :
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth1 -s 10.0.0.0/8 -p tcp --dport www -j REDIRECT --to-port 55
iptables -A FORWARD -s 0/0 -d www.audiogalaxy.com -j DROP
iptables -A FORWARD -s 0/0 -d www.playboy.com -j DROP
n other security rule
the using of www site above just an example of my rule, sorry if it disturb
the point is if i just implement the MASQUERADE Rule without using squid ....every rule is working well, if i add the REDIRECT rule than every rule seems not working...(squid working well but u can still access the sites)
I know that iptables have 3 tables(NAT, MANGLE, FILTER) that have different priority, its looks like nat table have higher priority than filter table (FORWARD)...,and read from up-down, not like my ipchains rule
ipchains -A input -p tcp -d 0/0 www -j REDIRECT 55
that have same priority (FILTER), and read from up-down. Is there any way to make my rule on iptables working properly and still using squid ? and not using access list on squid...
Thanx
Vcunz
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Received on Sun Feb 03 2002 - 00:25:26 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:09 MST