Re: [squid-users] Squid 3 with transparent proxy

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 12 May 2006 23:32:07 +0200

On Thu 2006-05-11 at 09:27 -0300, Jonis Maurin Ceará wrote:
> Hi.
>
> I'm trying to use squid 3 with transparent proxy but it doesn't work :(

> iptables on my gateway (other machine, 192.168.0.2):

> iptables -t nat -A PREROUTING -s 192.168.0.16 -p tcp --dport 80 -j DNAT --to 192.168.0.22:3129

Transparent operation requires the NAT to be done on the proxy. In the
router you should only policy route the traffic, not NAT it.

If you absolutely want to NAT the traffic in the router and not the
proxy then Squid needs to be configured as a vhost accelerator for the
whole internet for this to work reasonably well.

The reason why NAT must be done on the proxy is that Squid needs to know
the original destination address. If you NAT in the router then the
destination address is permanently lost there and the proxy has no means
of telling what the original destination address was.

Regards
Henrik

Received on Fri May 12 2006 - 15:32:32 MDT
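
Added example (not part of the original message and not Squid project code): the split described in the reply, with the router only policy routing and the proxy doing the NAT, as a dry-run script with a check for destination-rewriting rules. The addresses and port 3129 come from the post; the interface name eth0, firewall mark 1 and routing table 100 are assumptions.

```shell
#!/bin/sh
# Constructed example. Addresses and port are taken from the post;
# LAN_IF, MARK and TABLE are assumptions chosen for illustration.
CLIENT=192.168.0.16     # intercepted client
PROXY=192.168.0.22      # Squid host
PROXY_PORT=3129         # Squid interception port
LAN_IF=eth0             # assumed interface name on the proxy
MARK=1                  # assumed firewall mark
TABLE=100               # assumed routing table number

# The rule from the post, kept as text for comparison (never executed).
POSTED_RULE='iptables -t nat -A PREROUTING -s 192.168.0.16 -p tcp --dport 80 -j DNAT --to 192.168.0.22:3129'

# Print each command by default; execute only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Router: pick a different next hop for the client's port-80 traffic.
# Nothing in the nat table is touched, so the packet still carries the
# web server's address when it reaches the proxy.
router_rules() {
    run iptables -t mangle -A PREROUTING -s "$CLIENT" -p tcp --dport 80 \
        -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$PROXY" table "$TABLE"
}

# Proxy: the one place where the destination is rewritten, so the kernel
# on the Squid host keeps the original destination for Squid to look up.
proxy_rules() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$CLIENT" -p tcp \
        --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
}

# Succeeds when the rules on stdin (commands or iptables-save lines)
# rewrite the destination of port-80 traffic.
rewrites_destination() {
    grep -Eq -e '--dport 80 .*-j (DNAT|REDIRECT)'
}

case "${1:-}" in
    router) router_rules ;;
    proxy)  proxy_rules ;;
    audit)  if rewrites_destination; then echo "port-80 destination is rewritten"; fi ;;
esac
```

Run it with `router` or `proxy` to print the commands for that host, or with APPLY=1 as root to execute them. On the router, `iptables-save -t nat` piped into the `audit` mode reports a rule like the posted one.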
