Re: [squid-users] [help] setting up firewall policy for transparent (single-homed host) proxy

From: Indunil Jayasooriya <indunil75@dont-contact.us>
Date: Mon, 14 Jan 2008 14:26:51 +0530

> All iptables rules here are implemented on the firewall box.
> I have also checked the access.log of squid, guys,
> but there is nothing logged. :'(
> It looks like the firewall box didn't redirect all web
> services to the squid box.

To redirect all web traffic (i.e. port 80) to the squid server:

Your clients' gateway should be the IP of the firewall. Please check it.

Also check the DNS server entries on the clients' PCs. If they have been set,

then, when clients browse the internet (i.e. access destination port
80), the traffic should be redirected to the squid box.

Now, your clients' gateway is the IP address of the firewall.
So, on your firewall box

add the lines below.

# squid-box's own outbound fetches must not be marked, or they loop back to squid
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s squid-box -j ACCEPT
# mark everything else bound for port 80
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3
# policy-route marked packets to squid-box via the internal interface
ip rule add fwmark 3 table 2
ip route add default via squid-box dev eth1 table 2
# rewrite the source of squid-box's traffic leaving on the external interface
iptables -t nat -A POSTROUTING -o eth0 -s squid-box -j SNAT --to-source 1.2.3.4

1.2.3.4 is the external IP of the firewall (i.e. the IP that connects to
your ISP router).

The next step is, please log in to your squid box.

On the squid box,

add the rule below:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

> How can I solve this out...

This is something easy. Anyway, please try the above rules again. If
there is no luck, please draw your network diagram again. You have drawn
one before, but it is not so clear. While you draw your network
diagram, please add your local IPs (bogus IPs). If you have any external
IPs (internet IPs), please write them in 1.2.3.4 format. Then it would
be easier for me when I write the rules.

-- 
Thank you
Indunil Jayasooriya
Received on Mon Jan 14 2008 - 01:56:54 MST
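The firewall-box and squid-box rule sets from the message above, wrapped into a small shell script as an added example (this is not code from the original post or from the Squid project). It validates the two IP addresses before rendering anything, prints the commands as a dry run so they can be reviewed, and only applies them when asked. The mark value 3, routing table 2, port 3128 and the rule order come from the post; the function names, the IPv4 check, and the sample addresses and interface names (192.168.1.2 for the squid box, 1.2.3.4 external, eth1 internal, eth0 external on the firewall) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: render (and optionally apply) the
# firewall-box and squid-box rule sets as shell functions with input validation
# and a dry-run mode. Mark 3, table 2, port 3128 and the rule order follow the
# post; the function names, the IPv4 check and the sample addresses/interfaces
# are assumptions for illustration.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# firewall_rules SQUID_IP EXT_IP LAN_IF WAN_IF
# Print the firewall-box commands. The order is significant: the ACCEPT for
# squid's own outbound fetches must come before the MARK rule, otherwise those
# fetches are policy-routed straight back to squid and loop. Caveat: running
# this twice duplicates the "ip rule" entry; remove it first with
# "ip rule del fwmark 3 table 2" if you reload.
firewall_rules() {
    squid_ip=$1; ext_ip=$2; lan_if=$3; wan_if=$4
    is_ipv4 "$squid_ip" || { echo "bad squid IP: $squid_ip" >&2; return 1; }
    is_ipv4 "$ext_ip"   || { echo "bad external IP: $ext_ip" >&2; return 1; }
    cat <<EOF
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $squid_ip -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3
ip rule add fwmark 3 table 2
ip route add default via $squid_ip dev $lan_if table 2
iptables -t nat -A POSTROUTING -o $wan_if -s $squid_ip -j SNAT --to-source $ext_ip
EOF
}

# squid_rules IN_IF [PORT]: print the squid-box REDIRECT rule. Matching on the
# inbound interface limits the redirect to traffic arriving from the firewall;
# squid's own fetches are locally generated and never traverse PREROUTING.
squid_rules() {
    in_if=$1; port=${2:-3128}
    echo "iptables -t nat -A PREROUTING -i $in_if -p tcp --dport 80 -j REDIRECT --to-port $port"
}

# Usage (dry run prints the commands; "apply" pipes them into sh -e as root):
#   ./proxy-rules.sh firewall 192.168.1.2 1.2.3.4 eth1 eth0
#   ./proxy-rules.sh apply firewall 192.168.1.2 1.2.3.4 eth1 eth0
#   ./proxy-rules.sh squid eth0
# To confirm packets are really being marked and redirected (the symptom in
# the thread was an empty access.log), watch the per-rule packet counters:
#   iptables -t mangle -vnL PREROUTING ; ip rule show ; iptables -t nat -vnL
case "${1:-}" in
    firewall) shift; firewall_rules "$@" ;;
    squid)    shift; squid_rules "$@" ;;
    apply)    shift; kind=$1; shift; "${kind}_rules" "$@" | sh -ex ;;
esac
```

The dry run is the useful part when debugging a setup like the one in the thread: it shows exactly which interface and address each rule will be bound to, so a swapped eth0/eth1 or a wrong squid address is visible before anything touches the kernel.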

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:04 MST