transparent Proxy

From: Dorian McFarlane <[email protected]>
Date: Fri, 6 Aug 1999 09:09:39 -0500

I am attempting to get transparent proxy working a linux box. I am running
Squid2.2STABLE4
on linux 2.2.5-15. If I set up my browser to use squid as a proxy, it works. But
 it does not
work in transparent mode. I followed the steps listed in FAQ 17. I am not sure
what else to
do. It could be that there is a problem with ip forwarding, but I am not sure
how to verify that
it is working.

Below is the network portion of my kernel, and the ipchains rules.

I am missing anything??
If anyone have any suggestions please let me know..
Thanks...

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_LARGE_TABLES=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_PNP=y
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
# CONFIG_IP_ROUTE_FWMARK is not set
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_ICMP=y

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
# CONFIG_IP_MROUTE is not set
CONFIG_IP_ALIAS=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y

Ipchains Setting..
>>ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT tcp ------ anywhere squid.norlight.com any -> www
REDIRECT tcp ------ anywhere anywhere any -> www
=> webcache
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Dorian Mcfarlane
Norlight Telecommunications
Applications Engineering
phone: 414-792-7913
fax:414-792-7733
dam@norlight.com
Received on Fri Aug 06 1999 - 07:53:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:52 MST