Re: [squid-users] transparent proxy debugging

From: cc <cc_at_belfordhk.com>
Date: Wed, 20 Apr 2011 14:19:16 +0800

Hi Amos,

Amos Jeffries wrote:
>> LO_REDIRECT=3129
>> $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
>> --dport $HTTP -j ACCEPT
>> $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP \
>> -j REDIRECT --to-ports $LO_REDIRECT
>> $IPTB -t nat -A POSTROUTING -o $INET_IF -p tcp -j MASQUERADE
>> $IPTB -t mangle -A PREROUTING -p tcp --dport $LO_REDIRECT -j DROP
>>
>> squid.conf:
>>
>> http_port 3129 transparent
>>
>> (are there other options that I need to consider?)
>>
>> From within the LAN_NET, I get a time out error.
>
> You are missing the rule which prevents packets leaving Squid from being
> looped back into Squid again.
>
> You seem to have one preventing external (WAN) traffic from being NAT'd
> into Squid instead.
>
> Try this:
>
> $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
> --dport $HTTP -j ACCEPT
>
> $IPTB -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
>
> $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp \
> -s $LAN_NET --dport $HTTP \
> -j REDIRECT --to-ports $LO_REDIRECT

In my case, wouldn't $SQUID_IP = $INET_IP?

Thanks

Ed
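As an added example (not part of Ed's or Amos's messages), the following shell script emits the rule set Amos suggested, in the order it must be installed, and checks that the rule exempting Squid's own traffic comes before the REDIRECT rule. Interface names, addresses and the LAN range are placeholders; SQUID_IP is kept as its own variable and only defaults to INET_IP, which is an assumption made here, not a statement from the thread. The mangle DROP rule from Ed's original configuration is carried over unchanged.

```shell
#!/bin/sh
# Added example, not code from the squid-users thread. Generates the
# iptables rules Amos described for a transparent Squid on the gateway.
# Every value below is a placeholder; set them for your own gateway.

IPTB="${IPTB:-iptables}"
INET_IF="${INET_IF:-eth0}"            # WAN interface (placeholder)
INET_IP="${INET_IP:-203.0.113.10}"    # gateway WAN address (placeholder, TEST-NET-3)
DMZ_IF="${DMZ_IF:-eth1}"              # LAN-facing interface (placeholder)
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # LAN range to intercept (placeholder)
SQUID_IP="${SQUID_IP:-$INET_IP}"      # source address of Squid's outbound connections (assumed)
HTTP=80
LO_REDIRECT=3129

# Print the rules in install order. Printing instead of executing lets the
# ordering be reviewed (and tested) without root. Rule order matters:
# the ACCEPT for Squid's own traffic must precede the REDIRECT, otherwise
# Squid's outbound fetches arriving on an interface would be sent back
# into Squid (the loop Amos refers to).
emit_rules() {
    cat <<EOF
$IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp --dport $HTTP -j ACCEPT
$IPTB -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport $HTTP -j ACCEPT
$IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP -j REDIRECT --to-ports $LO_REDIRECT
$IPTB -t nat -A POSTROUTING -o $INET_IF -p tcp -j MASQUERADE
$IPTB -t mangle -A PREROUTING -p tcp --dport $LO_REDIRECT -j DROP
EOF
}

# Number of rules emitted (portable: avoids wc's leading spaces).
rule_count() {
    emit_rules | awk 'END { print NR }'
}

# Return 0 when the Squid-exemption ACCEPT (the one without "-i") appears
# before the REDIRECT rule, 1 otherwise.
check_order() {
    accept_line=$(emit_rules | grep -n -- "-j ACCEPT" | grep -v -- " -i " | head -n 1 | cut -d: -f1)
    redirect_line=$(emit_rules | grep -n -- "-j REDIRECT" | head -n 1 | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$redirect_line" ] && [ "$accept_line" -lt "$redirect_line" ]
}

# Install the rules (needs root). DRY_RUN=1 (the default) only prints them.
apply_rules() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        emit_rules
    else
        emit_rules | sh -e
    fi
}

# Usage: ./squid-nat.sh         -> print the rules
#        ./squid-nat.sh apply   -> install them (as root)
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0 apply_rules
fi
```

The exemption rule sits in nat PREROUTING, which only sees packets that arrive on an interface; packets Squid generates on the gateway itself traverse nat OUTPUT instead, so with this rule set nothing on the gateway redirects them. Run the script without arguments first and compare the printed rules with `iptables -t nat -L PREROUTING -n --line-numbers` after applying.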
Received on Wed Apr 20 2011 - 06:19:29 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 20 2011 - 12:00:03 MDT