Re: [squid-users] transparent proxy

From: Malcolm Turnbull <Malcolm.Turnbull@dont-contact.us>
Date: Mon, 19 Aug 2002 19:29:40 +0100

Your firewall rules look weird ?

REDIRECT tcp -- anywhere anywhere tcp dpt:http

i.e. http in and out goes to local port 3128 ?

I've got :

iptables -t nat -A PREROUTING -i $INT_IFACE -p tcp --dport 80 -j REDIRECT --to-port 3128

i.e. If coming in the internal interface then use the proxy...

Also where is your NAT rule ? I assume you've left it out just in your
email ?

# All other connections default to firewalls IP
iptables -t nat -A POSTROUTING -o $EXT_IFACE -j SNAT --to-source 195.166.25.241

of course you need to allow forwarding of web :

# Allow All WEB
iptables -A FORWARD -o $EXT_IFACE -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -o $EXT_IFACE -p tcp --dport 443 -m state --state NEW -j ACCEPT

And then enable stateful pass through :

# Allow any established connections to continue
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

PayalR wrote:
> Hi,
> I forgot to mention, I have
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> This was done by me before. Still the result is same. Also, for now I am
> using only one box and using a browser on the same box.
> Thanks and waiting eagerly to solve this issue with your help.
> -Payal
>
> On Monday 19 August 2002 08:29 pm, you wrote:
>
>>On Mon, 2002-08-19 at 14:53, PayalR wrote:
>>
>>Maybe you've forgotten to insert:
>>
>>httpd_accel_host virtual
>>httpd_accel_port 0
>>httpd_accel_with_proxy on
>>httpd_accel_uses_host_header on
>>
>>Read the faq if this is suitable for U.
>>For me it works.
>>
>>in your squid.conf
>>greets
>>mic
>>
>>
>>>Hi all,
>>> I want to use squid as a transparent proxy. So, I read a few docs
>>>including white paper of visolve and did accordingly. I use Mandrake
>>>Linux 8.2 with default kernel 2.4.18-6mdk.
>>>
>>>Here are the steps I followed.
>>>1. I installed squid-2.4.STABLE1 using tar.gz with options
>>> ./configure --enable-linux-netfilter
>>>[ here I found that makefile created with ./configure
>>>--enable-linux-netfilter and just ./configure didn't have any difference
>>>]
>>>
>>>2. I edited the squid.conf properly to suit my requirements and started
>>>squid. It was working properly, a fact which I saw from access.log.
>>>
>>>3. Then,
>>>echo 1 > /proc/sys/net/ipv4/ip_forward
>>>iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128
>>>
>>>4. My rules were correct which was verified by,
>>>#iptables -t nat -L
>>>Chain PREROUTING (policy ACCEPT)
>>>target prot opt source destination
>>>REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
>>>
>>>Chain POSTROUTING (policy ACCEPT)
>>>target prot opt source destination
>>>
>>>Chain OUTPUT (policy ACCEPT)
>>>target prot opt source destination
>>>
>>>5. Then I tried to browse without setting the cache in browser (links)
>>>settings. I could browse alright, but squid's logs were not getting
>>>filled. That meant squid was not being used.
>>>What must be the problem? I am having a hard time to solve this.
>>>Thanks a lot in advance and waiting eagerly for the replies.
>>>Bye.
>>>-Payal
>>
>
Received on Mon Aug 19 2002 - 12:08:06 MDT
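
The checklist in the reply above (interface-scoped REDIRECT, a source-NAT rule, stateful FORWARD accept) can be checked mechanically against an iptables-save dump. The script below is an added example, not part of the original thread; the function name audit_intercept, the interface names eth0/eth1, the address 192.0.2.1 and both sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the reply's checklist.
# On a gateway:  iptables-save | audit_intercept

# Constructed sample: the original poster's ruleset (one unscoped REDIRECT).
SAMPLE_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Constructed sample: rules following the reply (eth1 internal, eth0 external).
SAMPLE_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.1
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Reads a dump on stdin and prints one finding code per line (nothing if clean).
audit_intercept() {
  awk '
    /^\*/ { table = substr($0, 2); next }          # "*nat" / "*filter" header
    table == "nat" && /^-A PREROUTING / && /-j REDIRECT/ {
      redirect = 1
      # No "-i <iface>": the rule matches traffic arriving on every interface.
      if ($0 !~ / -i [^ ]+/) print "UNSCOPED_REDIRECT"
    }
    # The reply uses SNAT; MASQUERADE is accepted here as an equivalent.
    table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ { snat = 1 }
    table == "filter" && /^-A FORWARD / && /ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
    END {
      if (!redirect) print "NO_REDIRECT"
      if (!snat)     print "NO_SOURCE_NAT"
      if (!est)      print "NO_ESTABLISHED_FORWARD"
    }'
}

echo "original poster's rules:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_intercept
echo "rules from the reply:";    printf '%s\n' "$SAMPLE_AFTER"  | audit_intercept
```
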
