Re: [squid-users] [help] setting up firewall policy for transparent (single-homed host) proxy

From: Rachmat Hidayat Al Anshar <rachmat_hidayat_03@dont-contact.us>
Date: Mon, 14 Jan 2008 00:00:05 -0800 (PST)

Hi Indunil...

All the iptables rules here are implemented on the firewall-box.

I have also checked squid's access.log, guys,
but there is nothing logged. :'(
It looks like the firewall-box didn't redirect all web
services to the squid-box. How can I sort this out...

I do need help here.. :'(
Thanks to all of you guys
Rachmat Hidayat Al Anshar

----- Original Message ----
> From: Indunil Jayasooriya <indunil75@gmail.com>
> To: Rachmat Hidayat Al Anshar <rachmat_hidayat_03@yahoo.com>
> Cc: squid cache <squid-users@squid-cache.org>
> Sent: Monday, January 14, 2008 1:34:09 PM
> Subject: Re: [squid-users] [help] setting up firewall policy for transparent (single-homed host) proxy
>
> > on your squid box,
> > pls add below rule.
> >
> > iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> Where did you add below SNAT rule? On squid box or iptables box?
> it should be added to iptables box. NOT to SQUID box.
>
> > in addition to that, Your squid box needs a SNAT rule, if it is
> > behind the SNATed network. Pls add it to iptables box.
> >
> > rule like below. 1.2.3.4 is the external ip of iptables firewall
> > box and ip address 192.168.101.1 is the ip address of squid box.
> > pls change it accordingly
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.1 -j SNAT --to-source 1.2.3.4
>
>
> --
> Thank you
> Indunil Jayasooriya
>

Received on Mon Jan 14 2008 - 01:00:14 MST
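
The thread turns on which box each nat rule lives on and whether web traffic ever reaches it. The script below is an added example, not part of the original messages: it reads `iptables-save -c -t nat` output and reports the packet counter of the REDIRECT and SNAT rules quoted above. The function names and the sample dump are constructed for illustration.

```shell
# Added example. Function names are hypothetical; the dump is a constructed
# sample of `iptables-save -c -t nat` output, not taken from the poster's boxes.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [120:7200]
:POSTROUTING ACCEPT [45:2700]
:OUTPUT ACCEPT [3:180]
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[38:2280] -A POSTROUTING -s 192.168.101.1/32 -o eth0 -j SNAT --to-source 1.2.3.4
COMMIT
EOF
}

# rule_packets CHAIN TARGET  (dump on stdin)
# Prints the summed packet counter of every "-A CHAIN ... -j TARGET" rule,
# or prints "missing" and returns 1 when the chain has no such rule.
rule_packets() {
    awk -v chain="$1" -v target="$2" '
        # Rule lines with counters look like: [pkts:bytes] -A CHAIN ... -j TARGET
        $1 ~ /^\[[0-9]+:[0-9]+\]$/ && $2 == "-A" && $3 == chain {
            for (i = 4; i < NF; i++)
                if ($i == "-j" && $(i + 1) == target) {
                    split(substr($1, 2), c, ":")   # c[1] = packet count
                    total += c[1]; found = 1
                }
        }
        END { if (!found) { print "missing"; exit 1 } else print total + 0 }
    '
}

# check_rule DUMP_FILE CHAIN TARGET
# Returns 0 = rule is matching traffic, 1 = present but never hit, 2 = absent.
check_rule() {
    pkts=$(rule_packets "$2" "$3" < "$1") || { echo "$2/$3: no such rule"; return 2; }
    if [ "$pkts" -eq 0 ]; then
        echo "$2/$3: present, 0 packets matched"; return 1
    fi
    echo "$2/$3: $pkts packets matched"
}

# Demo on the constructed sample. On a real box (as root):
#   iptables-save -c -t nat > nat.dump && check_rule nat.dump PREROUTING REDIRECT
dump=$(mktemp) && sample_dump > "$dump"
check_rule "$dump" PREROUTING REDIRECT || true
check_rule "$dump" POSTROUTING SNAT || true
rm -f "$dump"
```

REDIRECT rewrites the destination to a port on the machine that evaluates the rule, so the PREROUTING check belongs on the box where squid listens; a counter that stays at zero there is consistent with an empty access.log.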

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:04 MST