[SQU] Netfilter + transparent proxy

From: Etienne Roulland <[email protected]>
Date: Wed, 13 Sep 2000 10:17:39 +0200

Hi,

I'm trying to make a Linux box with Netfilter + Squid to secure some classrooms.
I'm running Slackware 7.1 (kernel 2.4.0-test8), iptables 1.1.1 and squid 2.3.stable4.

My iptables script looks like this:
/usr/local/bin/iptables -t nat -A POSTROUTING -s 192.168.73.0/24 -o eth0 -j SNAT --to aaa.bbb.ccc.ddd
/usr/local/bin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

To make my Squid work as transparent I put:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

in my squid.conf...

Normal proxying works fine if I set the proxy setting in Netscape. If I don't set this setting I get:

En essayant de charger l'URL : http://192.168.73.254/

L'erreur suivante a été rencontrée :

       La connexion a échoué

Le système a retourné :

    (111) Connection refused

192.168.73.254 is my netfilter/squid box ......

The Squid access.log says:

968832943.624 4 192.168.73.96 TCP_MISS/503 1133 GET http://192.168.73.254/ - DIRECT/192.168.73.254 -

It looks like Squid doesn't forward my request...

In the FAQ I saw: CONFIG_IP_TRANSPARENT_PROXY=y
But I didn't see any option of this kind in the 2.4.xx kernel ......

Any idea ?

--
Etienne Roulland - CRI Universite de Poitiers
Received on Wed Sep 13 2000 - 02:20:46 MDT
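
Added example, not part of the original message: a small Python parser for Squid's native access.log format that flags entries where Squid went DIRECT to one of the proxy host's own addresses, as in the log line quoted in the message. The function names and the second sample log line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log fields, in order:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)\s*$"
)


def parse_line(line):
    """Parse one native-format log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Host part of the URL as Squid saw or reconstructed it
    entry["url_host"] = urlsplit(entry["url"]).hostname
    return entry


def self_directed(lines, proxy_addrs):
    """Return entries where Squid fetched DIRECT from one of its own addresses."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry["hier"] == "DIRECT" and entry["peer"] in proxy_addrs:
            hits.append(entry)
    return hits


SAMPLE_LOG = [
    # Log line quoted in the message above
    "968832943.624 4 192.168.73.96 TCP_MISS/503 1133 GET http://192.168.73.254/ - DIRECT/192.168.73.254 -",
    # Constructed line: an ordinary fetch from an external origin server
    "968832950.101 212 192.168.73.96 TCP_MISS/200 4096 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html",
    "not a log line",  # constructed: malformed input is skipped
]

if __name__ == "__main__":
    for e in self_directed(SAMPLE_LOG, {"192.168.73.254"}):
        print(f"{e['client']} -> {e['url']} {e['code']}/{e['status']} "
              f"(upstream {e['peer']} is the proxy itself)")
```
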