Re: AW: [squid-users] proxy : redirect

Those ($IFACE, $INET, $MASK) are all shell variables. They have to have
something assigned to them to work. Or you could use the appropriate
values for your network, i.e.:

ipchains -A INPUT -i eth0 -s 192.168.1.0/24 -d 0/0 -j REDIRECT 3128

(Mine won't work literally either! You've got to fill in /your/ values! ;-)

Payal wrote:
> Hi all,
> Thanks Alexey and Henrik. Aexey, ur solution did not work out properly.
> Gave errors like
> ipchains -A INPUT -i $IFACE -s $INET/$MASK -d 0.0.0.0/0 -j REDIRECT 3128
> Warning: wierd character in interface `-s' (No aliases, :, ! or *).
> Try `ipchains -h' or 'ipchains --help' for more information.
> [root@localhost root]# ipchains -A input -i lo -s 127.0.0.1 -d 0.0.0.0/0 -j
> REDIRECT 3128
> ipchains: redirecting only allowed with TCP or UDP
> Try `ipchains -h' or 'ipchains --help' for more information.
>
>>As you speak about iptables I assume you are running a Linux 2.4
>>kernel, then Squid should be configured with --enable-linux-netfilter.
>
> I didn't want to use iptables just because I have not used iptables anytimes
> and don't know how they work. I had used ipchains a bit atleast.
>
>>Note: It is strongly advised to use iptables in favor of ipchains on
>>Linux-2.4. ipchains under Linux-2.4 is not the same ipchains as
>>Linux-2.2 but a poorly tested emulation layer ontop of netfilter.
>>This ipchains emulation layer is known to be broken in quite many
>>Linux-2.4 versions, especially when doing redirection..
>
> Where can I find more information on this topic????
>
>>And note: Only traffic routed via the Squid server can be
>>intercepted.
>
> No, I didn't get this point. Can you tell more?
>
>>See the Squid FAQ for at least three alternatives on how
>>to route the traffic to the Squid server..
>
> Yes, but they are using ipfwadm, ipchains and iptables.
>
>>General advice: Avoid interception if you can. It is a very ugly TCP
>>hack and should only be used as a last resort.
>
> what interception? I didn't get this also.
> Sorry to trouble the group in general and Henrik in particular but I am
> pretty desparate to get this working.
> Also, I have SuSE Linux 7.1 that also does not work with transparent squid
> proxy. I bellieve that the kernel is 2.2 there.
> THanks a lot in advance and waiting for the reply.
> -Payal
>
>
>>>>to squid. So, I do simple setup like, ipchains -A input -j ACCEPT
>>>>-s localhost -d localhost
>>>>ipchains -A input -p tcp -d 0/0 80 -j REDIRECT 3128
>>>>#ipchains -L
>>>>Chain input (policy ACCEPT):
>>>>target prot opt source destination
>>>> ports ACCEPT all ------ localhost.localdomain
>>>>localhost.localdomain n/a REDIRECT tcp ------ anywhere
>>>> anywhere any -> http => squid
>>>>Chain forward (policy ACCEPT):
>>>>Chain output (policy ACCEPT):
>>>
>
>
>

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support