RE: [squid-users] squid + iptables

From: Kevin Thackray <kthackray@dont-contact.us>
Date: Wed, 6 Apr 2005 11:55:47 +0200

Dear all,

Many thanks for your quick reply! I added the rule in my iptables script and it partially works, but it seems that the last problem is DNS resolving: computers in isolan can't resolve names. In my web browser, if I enter Google's IP, it's OK, but "www.google.com" is not OK! On the proxy box, the iptables policies are all set to ACCEPT.
In my LAN, I have a DNS server, and in isolan, all computers have the same resolv.conf:
nameserver 192.168.0.1 (ip of dns server)
search <my domain>
As I don't do any forwarding on the proxy box, I understand that computers in isolan can't reach the DNS server! What should I best do? Any advice is welcome!

Regards,

Kevin.

Kevin Thackray
C&T Paradigm NV
BTW BE 0465.030.272 RPR Antwerpen
G. LeGrellelaan 10, B - 2020 Antwerpen
Tel +32(3)259 2266

mailto:kthackray@ctparadigm.be

> -----Original Message-----
> From: squidrunner team [mailto:squidrunner_dev@yahoo.com]
> Sent: Wednesday, April 06, 2005 10:50 AM
> To: Kevin Thackray; squid-users@squid-cache.org
> Subject: Re: [squid-users] squid + iptables
>
>
>
> > My Proxy box (slackware10.1 / 2.6.11.6) has 2 ip :
> > * Iso Lan : 192.168.2.1 (eth1)
> > * Lan : 192.168.0.80 (eth0)
> >
> > acl our_networks src 192.168.2.0/24
> > http_access allow our_networks
> > *****
> >
> > and I have setup 1 rule for iptable :
> > iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -j REDIRECT --to-port 3128
>
> Your problem is that you are allowing web access for the Iso
> LAN in the squid.conf file, but missing the redirect of all
> port 80 traffic on the eth0 interface in iptables.
>
> Use as,
>
> iptables -t nat -A PREROUTING -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 3128
>
> HTH.
>
> Best Regards,
> Squid Runner Team
>
> SquidRunner - An Automatic Squid Builder
> Web: http://freshmeat.net/projects/squidrunner/
> Mail: squidrunner_dev at yahoo dot com
>
Received on Wed Apr 06 2005 - 03:55:49 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT