Re: [squid-users] Transparent proxy from different networks

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 08 Oct 2008 00:27:42 +1300

Matus UHLAR - fantomas wrote:
>>> I have a Squid running on 192.168.1.1 listening on 3128 TCP port. Users
>>> from 192.168.1.0/24 can browse the Internet without problems thanks to a
>>> REDIRECT rule in my shorewall config.
>>>
>>> But users from different networks (192.168.2.0/24, 192.168.3.0/24,
>>> etc.) can't browse the Internet. Those networks are connected to
>>> 192.168.1.0/24 via a VPN connection.
>>>
>>> My redirect rule in iptables syntax is like this:
>>>
>>> iptables -t nat -A PREROUTING -s 0.0.0.0/24 -i eth2 -p tcp --dport 80 -j
>>> REDIRECT --to-ports
>>>
>>> Is there a restriction to work transparent proxy for other networks
>>> different from 192.168.1.0/24? Do I have to configure squid to listen on
>>> each range of network addresses?
>
> On 07.10.08 16:09, Amos Jeffries wrote:
>> Your current rule is restricting the REDIRECT to specific interface and
>> 0.0.0.0 source. Not sure how that 0.0.0.0 bit works.
>
> It probably has to be 0.0.0.0/0 which matches ALL IP's. 0.0.0.0/24 matches
> only 0.0.0.* which is nearly the same as nothing.
>

Can we get any confirmation on that? Because I thought the -s meant
source-IP. And the 0.0.0.0/8 range are invalid bogons. It only makes
sense as you say as an inverted mask.

The issue could be the eth2 setting.
Or if you are right about the 0.0.0.0/24, Matus, that bit may need
changing to 0.0.0.0/16 or similar to catch more subnets.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Tue Oct 07 2008 - 11:27:48 MDT
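
How the iptables -s prefix match treats the source values discussed in this thread, as an added example that is not part of the original messages. It reimplements the prefix comparison with Python's ipaddress module and evaluates only the source match (the -i eth2 match is ignored); the client addresses and the 192.168.0.0/16 candidate are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed client addresses, one per network named in the thread.
CLIENTS = ["192.168.1.10", "192.168.2.10", "192.168.3.10"]


def source_match(rule):
    """Return (network, negated) for the rule's -s/--source match.

    A rule with no source match accepts any source, i.e. 0.0.0.0/0.
    """
    args = shlex.split(rule)
    for i, arg in enumerate(args):
        if arg in ("-s", "--source", "--src"):
            if i + 1 >= len(args):
                raise ValueError("-s given without an address")
            negated = i > 0 and args[i - 1] == "!"
            # strict=False masks off host bits the way iptables does.
            return ipaddress.ip_network(args[i + 1], strict=False), negated
    return ipaddress.ip_network("0.0.0.0/0"), False


def matching_clients(rule, clients=CLIENTS):
    """List the clients whose source address the rule would match."""
    net, negated = source_match(rule)
    return [c for c in clients if (ipaddress.ip_address(c) in net) != negated]


# Match part of the rule from the thread, with candidate -s values substituted.
RULE = "iptables -t nat -A PREROUTING -s {src} -i eth2 -p tcp --dport 80 -j REDIRECT"

if __name__ == "__main__":
    for src in ("0.0.0.0/24", "0.0.0.0/16", "0.0.0.0/0", "192.168.0.0/16"):
        print(f"-s {src:<15} matches {matching_clients(RULE.format(src=src))}")
    no_src = RULE.replace("-s {src} ", "")
    print(f"(no -s)            matches {matching_clients(no_src)}")
```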
