Re: [squid-users] Question on transparent proxy with web server behind proxy.

From: Ben Greear <greearb_at_candelatech.com>
Date: Tue, 25 Jan 2011 11:08:08 -0800

On 01/25/2011 10:36 AM, Ben Greear wrote:
> On 01/25/2011 10:06 AM, Pieter De Wit wrote:
>> Hi Ben,
>>
>> On 26/01/2011 06:55, Ben Greear wrote:
>>> On 01/25/2011 09:48 AM, Pieter De Wit wrote:
>>>> Hi Ben,
>>>>
>>>> There sure is :)
>>>>
>>>> Change the IP Tables rule at the bottom to something like this:
>>>>
>>>> /sbin/iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 3128
>>>>
>>>> Replace the 192.168 with your network. Keep in mind that you can have
>>>> multiples of these :)
>>>>
>>>> In a nutshell, IP Tables was making each request (even from the outside
>>>> world) go via Squid.
>>>
>>> Do you happen to know if it can be done based on incoming (real) port
>>> so we don't have to care about IP addresses?
>>>
>> You can, but that is not guaranteed, since the source port should be
>> assigned at random by the OS. Keep in mind that this will be
>> Chrome/IE/Firefox/<insert browser here> that makes the connection.
>> Having re-read your suggestion, are you not referring to the Ethernet
>> port?
>
> I mean ethernet port/interface, something like '-i br0
> --original-input-dev eth0'
>
> If nothing comes to mind immediately, don't worry, I'll go read man
> pages :)

Looks like '--physdev-in eth0' might do the trick. We'll do some testing.

Thanks,
Ben

>
> Thanks,
> Ben
>
>

-- 
Ben Greear <greearb_at_candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
Received on Tue Jan 25 2011 - 19:08:14 MST
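
The two ways of scoping the redirect discussed in this thread (by client source network, and by bridge member port through the physdev match), as an added example that is not part of the original messages. br0, port 80 and port 3128 come from the quoted rule; eth0 as the LAN-facing bridge member, the second sample network and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. br0, 3128 and port 80 come from the
# quoted rule; eth0 as the LAN-facing bridge member is an assumption.
BRIDGE=br0
SQUID_PORT=3128
TAIL="-p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT"

# Variant 1: redirect only clients from a given source network.
rule_by_source() {
    case "$1" in ''|*[!0-9./]*) echo "bad network: $1" >&2; return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
        { echo "bad network: $1" >&2; return 1; }
    # A /0 prefix matches every sender, which recreates the original problem
    # of outside requests being pushed through Squid.
    p=${1##*/}
    { [ "$p" -ge 1 ] && [ "$p" -le 32 ]; } ||
        { echo "refusing prefix /$p" >&2; return 1; }
    echo "-t nat -A PREROUTING -i $BRIDGE -s $1 $TAIL"
}

# Variant 2: redirect only traffic that entered the bridge on one member
# port. --physdev-in belongs to the physdev match, so -m physdev is needed.
rule_by_physdev() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;; esac
    [ "${#1}" -le 15 ] || { echo "interface name too long: $1" >&2; return 1; }
    echo "-t nat -A PREROUTING -i $BRIDGE -m physdev --physdev-in $1 $TAIL"
}

# Print the command (default), or with DRY_RUN=0 append it only if an
# identical rule is not already present (iptables -C checks for that).
apply_rule() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "/sbin/iptables $1"; return 0; fi
    # Word splitting of the rule spec is intended here.
    /sbin/iptables $(echo "$1" | sed 's/ -A / -C /') 2>/dev/null ||
        /sbin/iptables $1
}

# "You can have multiples of these": one rule per client network
# (constructed sample networks).
for net in 192.168.0.0/24 10.1.0.0/16; do
    spec=$(rule_by_source "$net") && apply_rule "$spec"
done
spec=$(rule_by_physdev eth0) && apply_rule "$spec"
```

Run as is, the script only prints the three commands; use one variant or the other on a real host, since both would redirect the same LAN traffic.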
