[squid-users] FW: Question about IPTABLES Configuration / Squid Proxy

From: Andrew Schmid <andrew.schmid_at_triplecanopy.com>
Date: Wed, 14 Oct 2009 17:19:27 -0400

Hi,

Here is quick info on my environment -
I have a CentOS 5.3 box serving as firewall/gateway/router.
It has two interfaces:
eth0 - public internet IP
eth1 - internal network IP (10.9.32.1)

The server hands out DHCP to all clients, and the server is the gateway.

I have installed the squid proxy, configured it to allow the local subnet,
and added the transparent option.

I added this to my iptables
# http proxy redirect
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.9.32.1:3128
-A POSTROUTING -o eth0 -j MASQUERADE

The transparent caching now appears to work. However I came across this
article which says this: "WARNING: This method of interception is not
recommended. There are other methods such as Proxy.PAC and http_proxy
environment variable which are as effective and less intrusive when multiple
clients are involved."
http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource

So I am trying to find a better way to do this. This is what I have come
up with so far, but it does not seem to be working:
-A PREROUTING -i eth0 -p tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
-A POSTROUTING -o eth0 -j MASQUERADE

Is this correct? Does anyone have better suggestions on how to do this?

Thanks.

Received on Wed Oct 14 2009 - 21:19:42 MDT
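
The Proxy.PAC alternative named in the wiki warning quoted above, sketched as an added example that is not part of the original post or of the Squid documentation. It assumes the internal LAN is 10.9.32.0/24 and that Squid on 10.9.32.1:3128 also accepts ordinary forward-proxy requests; the helpers `ipv4ToInt` and `inSubnet` are hypothetical names used so the file has no dependency on browser-supplied PAC functions.

```javascript
// Added example: a proxy auto-config (PAC) file for the network in this post.
// Assumptions: LAN is 10.9.32.0/24; Squid takes forward-proxy requests on :3128.
var PROXY = "PROXY 10.9.32.1:3128";

// Convert a dotted-quad string to an unsigned integer, or null if the host
// is not a valid IPv4 literal (a hostname, or an octet above 255).
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside base/prefixLen.
function inSubnet(host, base, prefixLen) {
  var ip = ipv4ToInt(host), net = ipv4ToInt(base);
  if (ip === null || net === null) return false;
  var size = Math.pow(2, 32 - prefixLen);
  return Math.floor(ip / size) === Math.floor(net / size);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names and loopback never leave the client or the LAN.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") return "DIRECT";
  // Hosts on the internal subnet are reached without the proxy.
  if (inSubnet(host, "10.9.32.0", 24)) return "DIRECT";
  // Plain HTTP goes to Squid, mirroring the port-80 rule in the post.
  // No "; DIRECT" fallback is listed, so a proxy outage fails closed
  // instead of letting clients bypass the proxy silently.
  if (url.substring(0, 5).toLowerCase() === "http:") return PROXY;
  // Everything else (e.g. HTTPS) is left alone, as the port-80 rule left it.
  return "DIRECT";
}
```

A PAC file is only a client-side setting, so a client that ignores it still reaches port 80 directly unless the gateway's filter rules say otherwise.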
