On 20/04/11 19:49, cc wrote:
> Amos Jeffries wrote:
>> Only if the first of those rules is broken.
>>
>> ... -i $INET_IF -s $INET_IP matches traffic from another machine called
>> $INET_IP outside the current box.
>
> Hi Amos,
>
> I don't seem to be getting anywhere.
>
> Given that I redirect all outgoing port 80 traffic to the localhost:3190
> (or whatever), can I set up squid such that instead of sending the
> packets through the ACL filters et.al, it just basically displays a
> page (html file of some sort)? At this point, I really don't know
> what's blocking the traffic. I don't 'see' traffic going to LO.
>
> To make things easier, I run 'squid -N -X'.
>
> Right now, I don't know if my netfilter rules are missing
> something or my squid is not configured properly.
>
> BTW, instead of 3.x, I've gone back to 2.7 as I can get that thing
> compiled. 3.1.x is still giving me compilation errors.
>
> Will keep on trying this though.
>
> Ed
If you want to be certain whats happening use DNAT. Which only alters
what you explicitly configure. Our demo configs only change port so the
IPs stay predictable.
(Apparently DNAT is a bit faster too.)
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1Received on Wed Apr 20 2011 - 08:21:52 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 20 2011 - 12:00:03 MDT