Re: [squid-users] Squid and NAT on different boxes

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 27 Nov 2002 12:25:38 +0100

For "transparent interception" to work properly Squid needs to run on the
box performing the TCP/IP interception, not on another box.

To do this correctly in your setup you can use the CONNMARK patch to
iptables, allowing you to selectively route TCP connections to the Squid
server by marking the connection and then applying "Advanced Routing" to
route based on the fwmark. Then use the REDIRECT iptables target on the
Squid server to intercept the packets. See also the Squid FAQ.

The benefit of using CONNMARK is that this allows you to route ICMP
traffic as well, not only TCP, allowing Path MTU discovery to still
function properly between the proxy and client.

Regards
Henrik

"Aklei G. Kessy" wrote:
>
> I am running Squid and NAT on different boxes. My NAT external interface is in
> the same network as my Squid Box.
>
> I'd like to do transparency proxying, that is when the HTTP requests from
> internal network reach the firewall in my NAT box be forwarded to the squid
> box.
>
> Can anyone help on this? I am using IPTABLES.
>
> aklei
Received on Wed Nov 27 2002 - 04:30:44 MST
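The CONNMARK / policy-routing setup Henrik describes, written out as an added example (not from this thread, Henrik, or the Squid project). CONNMARK was a separate netfilter patch when this was written and is part of mainline iptables today; the syntax below is the mainline form. It generates the commands for both boxes and prints them by default, executing them only when `APPLY=1` is set. The interface name `eth0`, the Squid box address `192.168.1.10`, the fwmark value `1`, the routing table `100` and the Squid port `3128` are all assumptions.

```shell
#!/bin/sh
# Added example: iptables / iproute2 commands for marking client HTTP
# connections on the NAT box, routing them to the Squid box by fwmark, and
# intercepting them with REDIRECT on the Squid box.
# Dry-run by default; set APPLY=1 to execute (needs root and a
# CONNMARK-capable iptables). Interface names, addresses, mark and table
# numbers are assumptions; adjust them to the real network.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Rules for the NAT/firewall box: mark client HTTP connections, copy the
# connection mark onto every packet of those connections (TCP and the
# conntrack-related ICMP, which is what keeps Path MTU discovery working),
# and send marked packets to the Squid box through a dedicated routing table.
nat_box_rules() {
    lan_if=$1        # interface facing the internal clients and the Squid box
    squid_ip=$2      # address of the Squid box on that LAN
    mark=${3:-1}     # fwmark value (assumed)
    table=${4:-100}  # policy-routing table number (assumed)

    # Mark HTTP connections from the LAN, except traffic that originates from
    # the Squid box itself: otherwise Squid's own outbound requests would be
    # routed straight back to it in a loop.
    run iptables -t mangle -A PREROUTING -i "$lan_if" ! -s "$squid_ip" \
        -p tcp --dport 80 -j CONNMARK --set-mark "$mark"
    # Copy the connection mark to every packet of a marked connection.
    run iptables -t mangle -A PREROUTING -i "$lan_if" -j CONNMARK --restore-mark

    # Policy routing: packets carrying the mark use a table whose only route
    # points at the Squid box.
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default via "$squid_ip" dev "$lan_if" table "$table"
}

# Rules for the Squid box: intercept port 80 arriving from the LAN and hand it
# to the local Squid listener with the REDIRECT target. Squid's own requests
# to origin servers leave through OUTPUT, not PREROUTING, so they are not
# intercepted again.
squid_box_rules() {
    lan_if=$1
    squid_port=${2:-3128}   # Squid's intercepting http_port (assumed)

    run iptables -t nat -A PREROUTING -i "$lan_if" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$squid_port"
}

# Usage: ./interception.sh nat [lan_if] [squid_ip]
#        ./interception.sh squid [lan_if] [squid_port]
case "${1:-}" in
    nat)   nat_box_rules "${2:-eth0}" "${3:-192.168.1.10}" ;;
    squid) squid_box_rules "${2:-eth0}" "${3:-3128}" ;;
esac
```

Run the `nat` half on the NAT box and the `squid` half on the Squid box; print both first and read them before setting `APPLY=1`. The Squid box additionally needs its listening port configured for interception in squid.conf (the `intercept` option on `http_port` in current releases; the `httpd_accel_*` directives in the 2.x releases of the era), which is the part the Squid FAQ Henrik points to covers. The `! -s` exclusion on the mangle rule is the check worth keeping: without it the Squid box's own fetches get marked and routed back to it.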
