Re: [squid-users] Question on transparent proxy with web server behind proxy.

From: Pieter De Wit <pieter_at_insync.za.net>
Date: Wed, 26 Jan 2011 07:06:37 +1300

Hi Ben,

On 26/01/2011 06:55, Ben Greear wrote:
> On 01/25/2011 09:48 AM, Pieter De Wit wrote:
>> Hi Ben,
>>
>> There sure is :)
>>
>> Change the IP Tables rule at the bottom to something like this:
>>
>> /sbin/iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 3128
>>
>> Replace the 192.168 with your network. Keep in mind that you can have
>> multiples of these :)
>>
>> In a nutshell, IP Tables was making each request (even from the outside
>> world) go via Squid.
>
> Do you happen to know if it can be done based on incoming (real) port
> so we don't have to care about IP addresses?
>
You can, but that is not guaranteed, since the source port should be
assigned at random by the OS. Keep in mind that this will be
Chrome/IE/Firefox/<insert browser here> that makes the connection.
Having re-read your suggestion, are you not referring to the Ethernet port?

>> The other solution is to process those via squid, which will take some
>> load off the web servers.
>
> I'm a bit out of the loop, but for whatever reason, the users don't
> want this to happen.
>
> Thanks for the quick response!
>
> Ben
>
>
Received on Tue Jan 25 2011 - 18:06:42 MST
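
Added example, not part of the original thread: a sketch of the "you can have multiples of these" advice that prints one source-restricted REDIRECT rule per internal network and refuses networks that would match outside clients again. The function names, the sample networks and the /8 minimum prefix are assumptions of this example; br0, port 80 and port 3128 come from the quoted rule.

```shell
#!/bin/sh
# Added example, not from the thread. br0, port 80 and 3128 come from the
# quoted rule; function names and sample networks are constructed.
IFACE="br0"
SQUID_PORT="3128"

# valid_lan_cidr CIDR: succeed only for a.b.c.d/len with octets 0-255 and
# len 8-32. The /8 floor is this example's own policy (assumption): it
# rejects 0.0.0.0/0 and similar typos that would match outside clients again.
valid_lan_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# redirect_rules CIDR...: print one REDIRECT command per internal network.
# If any network is invalid, print no rules at all and return 1.
redirect_rules() {
    for net in "$@"; do
        valid_lan_cidr "$net" || { echo "rejected: $net" >&2; return 1; }
    done
    for net in "$@"; do
        echo "/sbin/iptables -t nat -A PREROUTING -i $IFACE -p tcp -s $net --dport 80 -j REDIRECT --to-port $SQUID_PORT"
    done
}

# Print the rules for review; nothing is applied by this script.
redirect_rules 192.168.0.0/24 10.20.0.0/16
```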

This archive was generated by hypermail 2.2.0 : Tue Jan 25 2011 - 12:00:03 MST