Re: [squid-users] re transparent proxy error

From: CsY <csy@dont-contact.us>
Date: Fri, 04 Nov 2005 10:02:50 +0100

Hello

My network layout:

---LAN---SWITCH1---CORE_SWITCH---SQUID---JUNIPER(hw firewall)---NET----
                   SWITCH2--|

the squid server interfaces in bridge.
the server side ip addresses 172.21.253.0-200
the client side: 172.21.1.0-254
the switch1 : client side, default gw for clients
switch2: server side, def gw for servers
Core switch: All traffic meeting point, no restriction
Juniper: Hw firewall, gw for switches. 2 outside ip and one internal ip
(172.21.253.254).
Squid: two interfaces (eth0,1) bridged to 172.21.253.250, no iptables
restriction, only forward the packets from 80 to squid. The def.gw
172.21.253.254

the squid contains these lines:
http_port 8080
httpd_accel_port 80

httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_host virtual

and the iptables:

iptables -A PREROUTING -t nat -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080

ubuntu 5.10 (Breezy Badger)
squid 2.5 Stable 10
iptables 1.3.1

Best regards.
>
>
> On Thu, 3 Nov 2005, CsY wrote:
>
>> and what you think, how can i resolve this problem?
>
> Can't tell much without knowing your network layout. What I can tell
> is that for interception to work the packets MUST one way or another
> travel via the proxy box. The Squid FAQ contains some methods on how
> to do this.
>
> Regards
> Henrik
Received on Fri Nov 04 2005 - 02:02:55 MST
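
An added example, not part of the original messages or of Squid: a small Python checker that compares the squid.conf lines and the iptables rule posted above for consistency (REDIRECT target port against http_port, matched port against httpd_accel_port, and the httpd_accel_* values as posted). The function names and the EXPECTED table are assumptions made for illustration; it checks the configuration only, not whether the packets actually travel via the proxy box.

```python
import shlex

# Constructed sample input: the squid.conf lines and iptables rule from the message.
SQUID_CONF = """\
http_port 8080
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_host virtual
"""
IPTABLES_RULE = ("iptables -A PREROUTING -t nat -m tcp -p tcp "
                 "--dport 80 -j REDIRECT --to-port 8080")

# Interception directives as posted in the message (assumed to be the intended set).
EXPECTED = {"httpd_accel_host": "virtual", "httpd_accel_port": "80",
            "httpd_accel_with_proxy": "on", "httpd_accel_uses_host_header": "on"}

def parse_squid_conf(text):
    """Return {directive: value} for non-comment lines (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def parse_redirect(rule):
    """Extract table, chain, dport, target and redirect port from one rule."""
    args = shlex.split(rule)
    opt = lambda flag: args[args.index(flag) + 1] if flag in args else None
    return {"table": opt("-t") or "filter", "chain": opt("-A"),
            "dport": opt("--dport"), "target": opt("-j"),
            "to_port": opt("--to-port") or opt("--to-ports")}

def check(conf_text, rule):
    """Return a list of mismatches between squid.conf and the REDIRECT rule."""
    conf, r, problems = parse_squid_conf(conf_text), parse_redirect(rule), []
    for key, want in EXPECTED.items():
        if conf.get(key) != want:
            problems.append(f"{key} is {conf.get(key)!r}, expected {want!r}")
    if (r["table"], r["chain"], r["target"]) != ("nat", "PREROUTING", "REDIRECT"):
        problems.append("rule is not a nat/PREROUTING REDIRECT")
    listen = conf.get("http_port", "").rsplit(":", 1)[-1]  # accepts host:port
    if r["to_port"] != listen:
        problems.append(f"REDIRECT --to-port {r['to_port']} != http_port {listen}")
    if r["dport"] != conf.get("httpd_accel_port"):
        problems.append(f"--dport {r['dport']} != httpd_accel_port")
    return problems
```
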