[squid-users] Netfilter Not Working With Squid

From: Beng Santosa <vcunz2@dont-contact.us>
Date: Sun, 3 Feb 2002 14:19:58 +0700

Hello :),

I'm using Squid 2.4 stable 1 and iptables 1.2.4 on Mandrake 8.1 right now. I have 2 NICs in this computer, one for the LAN, the other for the Internet (NAT). I'm using a transparent proxy; the problem is, since I implemented the transparent proxy, the security rules that I built in iptables are not working anymore.... it looks like they never get read :(. This problem occurred when I moved from ipchains to iptables.

here is my configuration :
Squid :
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Iptables :
iptables -t nat -A POSTROUTING -s -d 0/0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth1 -s -p tcp --dport www -j REDIRECT --to-port 55
iptables -A FORWARD -s 0/0 -d www.audiogalaxy.com -j DROP
iptables -A FORWARD -s 0/0 -d www.playboy.com -j DROP
and other security rules
The www sites used above are just an example of my rules, sorry if it disturbs.

The point is: if I just implement the MASQUERADE rule without using Squid, every rule works well; if I add the REDIRECT rule then every rule seems not to work (Squid works well but you can still access the sites).
    I know that iptables has 3 tables (NAT, MANGLE, FILTER) that have different priorities; it looks like the nat table has higher priority than the filter table (FORWARD), and is read top-down, unlike my ipchains rule
    ipchains -A input -p tcp -d 0/0 www -j REDIRECT 55
which had the same priority (FILTER) and was read top-down. Is there any way to make my rules on iptables work properly and still use Squid? And not use access lists on Squid...



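The behaviour described in this post comes from netfilter's hook order: a REDIRECT in nat PREROUTING rewrites the destination to the box's own address, so the routing decision sends the packet to filter INPUT (and on to Squid) and filter FORWARD, where the DROP rules live, is never consulted. The following is an added Python model of that traversal, not code from the original message or from the Squid or netfilter projects; the interface name and port come from the post, while the addresses (192.168.1.1, 192.168.1.20, 198.51.100.7, 192.0.2.50) are constructed placeholders. It contrasts the post's ruleset with two placements that do take effect: a DROP in mangle PREROUTING (seen before nat) and an ACCEPT in nat PREROUTING that exempts the blocked destination from REDIRECT so it falls through to FORWARD.

```python
"""Toy model of the order in which netfilter hooks see a packet arriving
from the LAN on the Squid box.  Added example, not part of the original
post; addresses are constructed placeholders."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

SQUID_PORT = 55                  # --to-port from the post
LAN_IFACE = "eth1"               # -i eth1 from the post
BOX_LAN_IP = "192.168.1.1"       # constructed: address of eth1 on the Squid box
BLOCKED_SITE = "198.51.100.7"    # constructed stand-in for a site the FORWARD rule should drop
ALLOWED_SITE = "192.0.2.50"      # constructed stand-in for any other web server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str


@dataclass(frozen=True)
class Rule:
    """One iptables rule: the matches used in the post plus its target."""
    target: str                      # DROP, ACCEPT, REDIRECT or MASQUERADE
    dst: Optional[str] = None        # -d (None matches anything)
    dport: Optional[int] = None      # --dport
    in_iface: Optional[str] = None   # -i
    to_port: Optional[int] = None    # --to-port (REDIRECT only)

    def matches(self, p: Packet) -> bool:
        return ((self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.in_iface is None or self.in_iface == p.in_iface))


Ruleset = Dict[Tuple[str, str], List[Rule]]


def run_chain(rules: List[Rule], p: Packet) -> Tuple[str, Packet]:
    """Walk one chain top-down; the first matching rule decides (policy ACCEPT)."""
    for r in rules:
        if not r.matches(p):
            continue
        if r.target == "REDIRECT":
            # REDIRECT rewrites the destination to the address of the interface
            # the packet came in on, so the routing decision now says "local".
            return "ACCEPT", replace(p, dst=BOX_LAN_IP, dport=r.to_port)
        if r.target == "MASQUERADE":
            return "ACCEPT", p       # source rewrite does not affect the verdict
        return r.target, p           # ACCEPT or DROP ends the chain
    return "ACCEPT", p


def traverse(ruleset: Ruleset, p: Packet) -> Tuple[str, str]:
    """Hook order for an incoming packet: mangle PREROUTING, nat PREROUTING,
    routing decision, then filter INPUT (local delivery) or filter FORWARD
    plus nat POSTROUTING (forwarded).  Returns (verdict, where decided)."""
    for table in ("mangle", "nat"):
        verdict, p = run_chain(ruleset.get((table, "PREROUTING"), []), p)
        if verdict == "DROP":
            return "DROP", f"{table}/PREROUTING"
    if p.dst == BOX_LAN_IP:                        # routing decision: local
        verdict, p = run_chain(ruleset.get(("filter", "INPUT"), []), p)
        return verdict, "filter/INPUT"             # FORWARD is never consulted
    verdict, p = run_chain(ruleset.get(("filter", "FORWARD"), []), p)
    if verdict == "DROP":
        return "DROP", "filter/FORWARD"
    run_chain(ruleset.get(("nat", "POSTROUTING"), []), p)
    return "ACCEPT", "forwarded"


# The post's ruleset: REDIRECT in nat PREROUTING, DROP in filter FORWARD.
ORIGINAL: Ruleset = {
    ("nat", "PREROUTING"): [Rule("REDIRECT", in_iface=LAN_IFACE, dport=80, to_port=SQUID_PORT)],
    ("filter", "FORWARD"): [Rule("DROP", dst=BLOCKED_SITE)],
    ("nat", "POSTROUTING"): [Rule("MASQUERADE")],
}

# Fix 1: drop in mangle PREROUTING, which every packet passes before nat.
FIX_MANGLE: Ruleset = {
    ("mangle", "PREROUTING"): [Rule("DROP", dst=BLOCKED_SITE, dport=80)],
    **ORIGINAL,
}

# Fix 2: exempt the blocked destination from REDIRECT (ACCEPT in a nat chain
# means "no translation"), so the packet reaches FORWARD and is dropped there.
FIX_NAT_EXEMPT: Ruleset = {
    **ORIGINAL,
    ("nat", "PREROUTING"): [Rule("ACCEPT", dst=BLOCKED_SITE, dport=80)]
                           + ORIGINAL[("nat", "PREROUTING")],
}


def verdict_for(ruleset: Ruleset, dst: str = BLOCKED_SITE) -> Tuple[str, str]:
    """Verdict for a constructed LAN client (192.168.1.20) fetching http://<dst>/."""
    return traverse(ruleset, Packet("192.168.1.20", dst, 80, LAN_IFACE))


if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("mangle fix", FIX_MANGLE), ("nat exempt", FIX_NAT_EXEMPT)):
        print(f"{name:11} blocked -> {verdict_for(rs)}, allowed -> {verdict_for(rs, ALLOWED_SITE)}")
```

With the post's ruleset the model returns ACCEPT from filter/INPUT for the blocked site, which is exactly the symptom reported: the packet is handed to Squid and the FORWARD DROP is never reached. Two caveats when carrying this over to real iptables: a `-d www.example.com` match is resolved to an address once, when the rule is inserted, so it silently stops covering a site whose address changes; and once traffic is redirected, Squid's own connection to the origin server leaves the box through filter OUTPUT, so that chain is another place where a destination-based DROP will actually be seen.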

Received on Sun Feb 03 2002 - 00:25:26 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:09 MST