Re: [squid-users] squid transparent nat interception

From: Pawel Mojski <>
Date: Wed, 29 Aug 2012 15:07:56 +0200

On 29-Aug-12 13:20, Eliezer Croitoru wrote:
> On 8/29/2012 1:15 PM, Pawel Mojski wrote:
>> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
>> I have a strange error.
> It means that every packet that will go to port 80 will be redirected
> to squid ip+port and it means that the packets from squid are the same
> and will be looped.
> You should use "-j REDIRECT" instead of "-j DNAT".
> Also I recommend you to be explicit about the interface and IPs that
> will be intercepted by the proxy.
No, they are not.
First of all, the problem appears even with no redirection. For example,
if I start squid, then telnet localhost 8081, then do:
GET / HTTP/1.0

then squid connects to itself on port 8081, and does it in
a loop.

The second thing is that the IP address of the squid is a public IP address, and
the router where I'm doing the redirect is somewhere on the internet
(of course added to the accepted ACL).

But let's forget redirections. Why does it not work when I just start
squid and connect to port 8081?

