Re: [squid-users] unable to see client ip address in log file

From: prophetmr <prophetmr_at_gmail.com>
Date: Sat, 24 Jan 2009 13:45:55 -0800 (PST)

From what I understood from the page you linked, I put this in the firewall of
the router:

# nvram set rc_firewall="
iptables -t nat -A PREROUTING -s 192.168.3.107 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
"
[Ctrl+D]
# nvram commit

At that point I lost net access. I could connect to the router but I
couldn't even access its firmware screen. I reset the router to original config
and reloaded my backup image with the old script and I'm back up and running,
but still have my problem. What did I miss?

> There you go. It's the way you are doing interception.
> NAT is a destructive process, it drops the original source IPs from the
> IP-layer information. That's just the way NAT operates.
>
> What you want to do instead is selectively route the port 80 traffic to
> the squid box and do the intercept NAT there instead of on the router.
> see
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
>
> for an example of how to set that up at the router.
> The linked REDIRECT page has rules for the Squid box setup.
>
> Amos
>
>

Received on Sat Jan 24 2009 - 21:46:00 MST
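
The following is an added example, not part of the original thread: a simplified Python model of how the three nat-table rules in the post rewrite packet headers on the router, next to the policy-routing approach from the quoted reply, where only the Squid box performs the REDIRECT. All addresses except 192.168.3.107 are constructed, and treating 192.168.3.107 as the Squid box is an assumption.

```python
from dataclasses import dataclass, replace

# Constructed addresses, except 192.168.3.107, the exempted host in the post
# (assumed here to be the Squid box).
ROUTER_LAN, ROUTER_WAN = "192.168.3.1", "198.51.100.2"
SQUID_BOX, CLIENT, WEB = "192.168.3.107", "192.168.3.50", "203.0.113.10"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    via: str = ""  # next hop forced by policy routing; "" means route by dst

def router_nat_rules(pkt):
    """The three nat-table rules from the post, applied on the router."""
    # PREROUTING rule 1 exempts the Squid box; rule 2 REDIRECTs everything else.
    if pkt.dport == 80 and pkt.src != SQUID_BOX:
        # REDIRECT rewrites the destination to the router's own address.
        pkt = replace(pkt, dst=ROUTER_LAN, dport=3128)
    # POSTROUTING is only traversed by packets that leave the router;
    # MASQUERADE then replaces the source with the egress interface address.
    if pkt.dst != ROUTER_LAN:
        egress = ROUTER_LAN if pkt.dst.startswith("192.168.3.") else ROUTER_WAN
        pkt = replace(pkt, src=egress)
    return pkt

def router_policy_route(pkt):
    """Policy routing in the style of the linked wiki page: pick a next hop, edit nothing."""
    if pkt.dport == 80 and pkt.src != SQUID_BOX:
        pkt = replace(pkt, via=SQUID_BOX)
    return pkt

def squid_box_redirect(pkt):
    """REDIRECT done on the Squid box: only the destination is rewritten."""
    if pkt.dport == 80:
        pkt = replace(pkt, dst=SQUID_BOX, dport=3128)
    return pkt

def logged_client(pkt):
    """Address Squid would record as the client: the packet's source."""
    return pkt.src

if __name__ == "__main__":
    for name, p in [("web", Packet(CLIENT, WEB, 80)), ("admin", Packet(CLIENT, ROUTER_LAN, 80))]:
        print(name, "with posted rules ->", router_nat_rules(p))
    ok = squid_box_redirect(router_policy_route(Packet(CLIENT, WEB, 80)))
    print("policy route + REDIRECT on Squid box ->", ok, "client:", logged_client(ok))
```

In this model both the outbound web request and a request to the router's own port 80 end up at port 3128 on the router, while the policy-routed packet reaches the Squid box with its source address intact.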
