Re: [squid-users] Squid with by pass cards

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 13 Aug 2011 18:48:02 +1200

On 13/08/11 18:14, Mustafa Shahanshah wrote:
>
> Hi, I am trying to implement a Squid proxy in transparent mode using a bypass card.
> http://www.etinc.com/?page=failover.htm
> What I have done so far is set both the eth devices on the bypass card in bridge mode br0 (the third dev, eth0, is for maintenance).
> Squid is working fine, but try as I might I can't get the traffic to go through the proxy server (route all port 80 traffic to the Squid service and send it out again).
> Would it be better to configure the ports individually, eth1 and eth2, and then have all the traffic from eth1 routed to Squid and out from eth2?
>
> I am totally lost here..
>
> All the examples that I have seen on the net so far involve
>
>   iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3120
>
> but the moment I set this up all the traffic stops (i.e. the bypass/bridge stops forwarding packets!), but if I set the proxy in the browser I can still surf the net.
>
> Any ideas?

Packets going over a bridge do not go through any routing logic,
including NAT. You must DROP them off the bridge before they can be
intercepted into Squid.

Since adding a NAT REDIRECT changes things it sounds like you have that
part working. But REDIRECT itself is fairly complex. Try using DNAT
instead, since that only affects the

In either case you MUST have Squid listening on that receiving port of
the same box, along with the bypass iptables rules to prevent looping
Squid's outbound port 80 traffic back into Squid.

  http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Sat Aug 13 2011 - 06:48:09 MDT
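
The sequence described in the reply above (take port 80 frames off the bridge, exempt Squid's own traffic, DNAT the rest to the local Squid port), as an added example that is not part of the original message. Assumptions: eth1 is the client-facing bridge port, 192.0.2.10 is a placeholder for an address owned by the Squid box, and 3120 is the port from the question. The script only prints the rules unless run with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed values:
CLIENT_IF="${CLIENT_IF:-eth1}"      # assumption: client-facing bridge port
SQUID_IP="${SQUID_IP:-192.0.2.10}"  # placeholder: an IP owned by the Squid box
SQUID_PORT="${SQUID_PORT:-3120}"    # port from the question; squid.conf needs
                                    # "http_port 3120 intercept" (3.1) or
                                    # "http_port 3120 transparent" (2.7)

# Emit the rules in the order they must be installed, one command per line.
intercept_rules() {
    # 1. Bridged frames never reach IP routing or NAT. In the broute table
    #    DROP means "do not bridge this frame, hand it to the IP stack";
    #    the redirect target also rewrites the destination MAC to the local
    #    port so the stack accepts the frame.
    echo "ebtables -t broute -A BROUTING -i $CLIENT_IF -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP"
    # 2. Bypass: traffic sourced from Squid itself must not loop back into Squid.
    echo "iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT"
    # 3. All other port 80 traffic is DNATed to the Squid listener on this box.
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $SQUID_IP:$SQUID_PORT"
    # 4. Nobody may connect to the intercept port directly. mangle PREROUTING
    #    runs before nat PREROUTING, so DNATed flows (still dport 80 here) pass.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP"
}

# Ordering check: the bypass rule must be installed before the DNAT rule,
# otherwise the DNAT rule matches first and the bypass never applies.
bypass_before_dnat() {
    intercept_rules | awk '/-j ACCEPT/ {a=NR} /-j DNAT/ {d=NR} END {exit !(a && d && a < d)}'
}

# Dry run by default; APPLY=1 (as root) executes each rule in order.
if [ "${APPLY:-0}" = "1" ]; then
    intercept_rules | while read -r rule; do $rule || exit 1; done
else
    intercept_rules
fi
```

The box also needs an IP address on br0 and a default route, since intercepted connections are terminated and re-originated by Squid rather than bridged.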
