Hello
Well I am good on Squid, don't usually have any problems. Have
Squid2.4STABLE6 running on a RH7.2 box here for testing (finally get to
play with Squid after a long absence).
Now, I have it configured transparent, with iptables on that box getting
packets to Squid nicely with no problems, I set the box as my default
gateway and all works wonderfully.
However, my only option on this particular network is to have the firewall
(Check Point 4.1sp3) route packets to the Squid box.
I am using SRV_REDIRECT, and the firewall logs tell me that packets are
redirecting to the Squid machine OK... but I can't surf, and I see nothing
in access.log.
In the Howto by Daniel Kiracofe
http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-6.html
he suggests if an intermediary box is doing the forwarding, there should
be a rule like this:
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box \
-j SNAT --to iptables-box
so that, quoting Daniel "the reply comes back through the firewall,
instead of direct to the client."
I don't know why this is important, I can't get my head around it. If the
local network (source) wants to get to the squid box (dest), then nat the
source as if it were from the iptables box (or firewall)?
Or, if any of you have experience doing this with Check Point, please let
me know.
-- [Simon White. vim/mutt. simon@mtds.com. GIMPS:60.28% see www.mersenne.org] It is impossible to sharpen a pencil with a blunt axe. It is equally vain to try to do it with ten blunt axes instead. -- E. W. Dijkstra [Linux user #170823 http://counter.li.org. Home cooked signature rotator.]
Received on Fri Mar 29 2002 - 11:33:01 MST
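The SNAT rule in the quoted HOWTO exists because of the reply path, and a small model makes that visible. The following is an added example, not code from the post or from the HOWTO, and the addresses, ports and the assumption that the Squid box sits on the same LAN as the clients (so its replies to a LAN address bypass the firewall) are all constructed. It models the firewall doing a port-80 redirect to Squid (DNAT, as SRV_REDIRECT does), with and without the extra SNAT, and checks whether the client ever sees a reply that matches the connection it opened to the web server.

```python
from dataclasses import dataclass, replace

# Constructed addresses for the topology discussed in the thread (assumptions).
CLIENT = "10.0.0.5"            # a workstation on the local LAN
FIREWALL = "10.0.0.1"          # default gateway doing the redirect
SQUID = "10.0.0.2"             # Squid box on the same LAN as the client
WEB = "198.51.100.10"          # the origin web server the client thinks it is talking to
LAN_PREFIX = "10.0.0."         # anything with this prefix is delivered directly, not via the gateway


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Firewall:
    """Redirects port 80 to Squid (DNAT) and optionally rewrites the source (SNAT).

    A connection-tracking table records the original packet so that a reply
    passing back through the firewall is un-translated in both directions.
    """

    def __init__(self, snat: bool):
        self.snat = snat
        self.table = {}  # (reply src, reply dst, reply dport) -> original request

    def forward(self, pkt: Packet) -> Packet:
        if pkt.dport != 80:
            return pkt
        out = replace(pkt, dst=SQUID)                 # DNAT: send it to Squid instead of WEB
        if self.snat:
            out = replace(out, src=FIREWALL)          # SNAT: make it look like it came from the firewall
        # Key the entry by what the reply will look like (addresses swapped).
        self.table[(out.dst, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt: Packet) -> Packet:
        orig = self.table.get((pkt.src, pkt.dst, pkt.dport))
        if orig is None:
            return pkt                                # no state: passed through untouched
        # Reverse both translations: reply appears to come from WEB and goes to CLIENT.
        return replace(pkt, src=orig.dst, dst=orig.src)


def squid_reply(pkt: Packet) -> Packet:
    """Squid answers whatever source address it saw on the request."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)


def simulate(snat: bool) -> dict:
    fw = Firewall(snat)
    request = Packet(src=CLIENT, dst=WEB, sport=40000, dport=80)
    to_squid = fw.forward(request)
    reply = squid_reply(to_squid)
    # On-LAN destinations are delivered directly; anything else goes via the gateway.
    via_firewall = reply.dst == FIREWALL or not reply.dst.startswith(LAN_PREFIX)
    if via_firewall:
        reply = fw.reply(reply)
    expected = Packet(src=WEB, dst=CLIENT, sport=80, dport=40000)
    return {
        "reply_via_firewall": via_firewall,
        "reply_src_seen_by_client": reply.src,
        "client_accepts": reply == expected,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", simulate(snat))
```

Without the SNAT, Squid's reply is addressed straight to the client with the Squid box as its source, so it never passes the firewall's NAT state and the client sees a packet from a host it never connected to, which its TCP stack discards; hence traffic that "redirects OK" in the firewall log but no working page and nothing in access.log. With the SNAT, the reply is addressed to the firewall, which reverses both rewrites. The cost of the SNAT, worth knowing before relying on access.log, is that every request reaches Squid with the firewall's address as its source, so the client IP is no longer visible in Squid's own logs.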