Re: [squid-users] Transparent Proxy on the Gateway Box

From: Francisco Obispo <fobispo@dont-contact.us>
Date: Mon, 22 Jul 2002 10:05:12 -0400

Hi..

you have to include a chain in the input...

ipchains -A input -s any/0 -d localhost 80 -j ACCEPT
ipchains -A input -s any/0 -d webserver 80 -j ACCEPT

this way, packets with destination localhost on port 80 won't be
redirected to
the cache...

-francisco

Wilson Mak wrote:

>Hi Brain,
>
>Yes, I did.
>cat /proc/sys/net/ipv4/ip_forward -> 1
>
>Wilson
>
>----- Original Message -----
>From: "Brian Leung" <brianlk@pacific.net.hk>
>To: "Wilson Mak" <wilson.mak@digitalview.com>
>Cc: <squid-users@squid-cache.org>
>Sent: Monday, July 22, 2002 2:29 PM
>Subject: Re: [squid-users] Transparent Proxy on the Gateway Box
>
>
>>hi,
>>did u enable ip forwarding on the proxy?
>>
>>Regards,
>>Brian Leung
>>System Engineer
>>Pacific Supernet
>>
>>On Mon, 22 Jul 2002, Wilson Mak wrote:
>>
>>>Dear all,
>>>
>>>I have set up a transparent proxy server on the gateway machine -
>>>
>10.1.0.1
>
>>>(default gateway to all the internal users), the config is as follows:
>>>
>>>OS: RedHat 6.2
>>>Cache Server: Squid/2.4.STABLE6
>>>Port redirection: ipchains -A input TCP -s 10.1.0.0/24 -d 0/0 80 -j
>>>
>REDIRECT
>
>>>3128
>>>Using Internal DNS server
>>>
>>>Squid.conf (Access Control):
>>>acl localhost src 127.0.0.1/255.255.255.255
>>>acl localnetwork src 10.1.0.0/255.255.255.0
>>>.....
>>>
>>>http_access allow localhost
>>>http_access allow localnetwork
>>>http_access deny all
>>>
>>>All the internal usres can access the Internal and internal web servers
>>>except the one on the gateway machine. When accessing the web server on
>>>
>the
>
>>>gateway machine (http://10.1.0.1), it always gives an error "The
>>>
>requested
>
>>>URL
>>>could not be retrieved. The following error was encountered: Access
>>>
>Denied.
>
>>>Acess control configuration prevents you request from being allowed at
>>>
>this
>
>>>time"
>>>(P.S The internal DNS can resolve this IP)
>>>
>>>Can someone help?
>>>
>>>Thanks in advance,
>>>
>>>Wilson
>>>
>>>
>>
>>
>
>
>
Received on Mon Jul 22 2002 - 08:05:18 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:19 MST