Re: [squid-users] unable to see client ip address in log file

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 26 Jan 2009 13:37:14 +1300

prophetmr wrote:
> From what I understood from the page you linked, I put this in the firewall of
> the router
>
> # nvram set rc_firewall="
> iptables -t nat -A PREROUTING -s 192.168.3.107 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -t nat -A POSTROUTING -j MASQUERADE
> "
> [Ctrl+D]
> # nvram commit
>

> At that point I lost net access. I could connect to the router but I
> couldn't even access its firmware screen. Reset the router to original config
> and reloaded my backup image with the old script and I'm back up and running
> but still have my problem. What did I miss?
>

That was not on the page I linked. It was on one of the linked pages
with information on what the squid box config needs to look like. Other
end of the routing linkage.

The page I linked to for the router setup uses "mark" on packets, in
the "mangle" table.

>
>
>> There you go. It's the way you are doing interception.
>> NAT is a destructive process, it drops the original source IPs from the
>> IP-layer information. That's just the way NAT operates.
>>
>> What you want to do instead is selectively route the port 80 traffic to
>> the squid box and do the intercept NAT there instead of on the router.
>> see
>> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
>>
>> for an example of how to set that up at the router.
>> The linked REDIRECT page has rules for the Squid box setup.
>>
>> Amos
>>
>>
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
   Current Beta Squid 3.1.0.3
Received on Mon Jan 26 2009 - 00:37:12 MST
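
The split described in this thread (mark and policy-route on the router, intercept NAT only on the Squid box), as an added example that is not part of the original message or copied from the linked wiki page. It only prints rules and checks them. The interface name, mark, table number, the `ip rule`/`ip route` lines and the reading of 192.168.3.107 as the Squid box are assumptions.

```shell
#!/bin/sh
# Added example: the functions PRINT rules; nothing is applied to the system.
PROXY_IP="192.168.3.107"  # assumption: the host exempted in the post is the Squid box
CLIENT_IF="br0"           # assumption: router interface facing the Squid box
FWMARK=3                  # arbitrary packet mark
RT_TABLE=2                # arbitrary routing table number
SQUID_PORT=3128           # intercept port used in the post

# Router: mark port-80 packets in the mangle table and policy-route them to
# the Squid box. No NAT here, so the client source IP reaches Squid intact.
router_rules() {
cat <<EOF
iptables -t mangle -A PREROUTING -s $PROXY_IP -p tcp --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark $FWMARK
ip rule add fwmark $FWMARK table $RT_TABLE
ip route add default via $PROXY_IP dev $CLIENT_IF table $RT_TABLE
EOF
}

# Squid box: the only place where the intercept NAT is done.
squid_box_rules() {
cat <<EOF
iptables -t nat -A PREROUTING -s $PROXY_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
EOF
}

# The rules from the original post, which were loaded on the router.
posted_router_rules() {
cat <<'EOF'
iptables -t nat -A PREROUTING -s 192.168.3.107 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
EOF
}

# Reads a ruleset on stdin; succeeds if any nat-table rule rewrites addresses
# or ports. On the router that is the condition the reply warns about.
rewrites_addresses() {
    grep -Eq -e '-t nat .*-j (REDIRECT|DNAT|SNAT|MASQUERADE)'
}
```

`posted_router_rules | rewrites_addresses` succeeds and `router_rules | rewrites_addresses` fails, which is the check to run on a router ruleset before committing it to nvram.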
