Re: [squid-users] Issue with setting up local proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 15 Nov 2011 23:39:50 +1300

On 15/11/2011 10:05 p.m., Ali Jawad wrote:
> Hi
>
> I have a server setup with SQUID for 6 users, these users do use the
> same system on which squid is installed. Now my problem is that I want
> to force all their traffic through SQUID. So I did set up the following
> iptables rule on the server:
>
> iptables -t nat -I OUTPUT -p tcp --dport 80 -j DNAT --to 192.168.0.165:3128
>
> Where 192.168.0.165 is the squid server and the server the users use.
>
> When a user tries to access a denied site, he gets access denied. When
> he tries to access a white listed site he gets:
>
> * Unable to forward this request at this time.

Well...
   * Packets leaving Squid have TCP dport 80.
   * Packets leaving the user's agent have TCP dport 80.

How does NAT tell the difference?

Hint: use the process user ID match in iptables to exclude packets
leaving Squid from being NAT'ed back to Squid.

Amos
Received on Tue Nov 15 2011 - 10:39:57 MST
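
Added example, not part of the original thread: the owner-match form of the rule from the question (in a comment, since it needs root), plus a check that reads an `iptables -t nat -S OUTPUT` listing and reports any port-80 DNAT rule that would still catch Squid's own outbound packets. The account name "squid", the UID 13 and both listings are constructed assumptions; pass the UID in the form the listing shows it, which is normally numeric.

```shell
#!/bin/sh
# Added example, not from the thread. UID 13 and both listings are constructed.
# The fix hinted at above, as one rule (needs root; "squid" is an assumed
# account name, check which user your Squid process runs as):
#   iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner ! --uid-owner squid \
#            -j DNAT --to-destination 192.168.0.165:3128

# has STRING SUBSTRING: succeed when SUBSTRING occurs in STRING.
has() { case "$1" in *"$2"*) return 0 ;; esac; return 1; }

# Read `iptables -t nat -S OUTPUT` output on stdin and print every port-80 DNAT
# rule that would also rewrite packets sent by the Squid UID given as $1.
# Limitation: a DNAT rule restricted to some other owner is reported as well.
find_loop_rules() {
    squid_uid=$1
    exempt=0
    while IFS= read -r rule; do
        rule="$rule "                     # trailing space so "80 " cannot match 8080
        has "$rule" "--dport 80 " || continue
        if has "$rule" "! --uid-owner $squid_uid "; then
            continue                      # negated owner match: rule never sees Squid
        elif has "$rule" "--uid-owner $squid_uid " &&
             { has "$rule" "-j RETURN " || has "$rule" "-j ACCEPT "; }; then
            exempt=1                      # Squid leaves the chain before later rules
        elif has "$rule" "-j DNAT " && [ "$exempt" -eq 0 ]; then
            printf '%s\n' "${rule% }"     # this rule loops Squid back to itself
        fi
    done
}

sample_broken() {   # constructed listing: the rule from the question
cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.165:3128
EOF
}

sample_fixed() {    # constructed listing: same rule with Squid's UID excluded
cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner 13 -j DNAT --to-destination 192.168.0.165:3128
EOF
}

echo "broken rule set:"; sample_broken | find_loop_rules 13
echo "fixed rule set:";  sample_fixed  | find_loop_rules 13
```

An empty result means every port-80 DNAT rule in the listing either excludes the Squid UID itself or is preceded by a RETURN/ACCEPT rule for it.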

This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 12:00:03 MST