I have a patch for iptables to enable the use of DNAT/REDIRECT in OUTPUT
(and SNAT in INPUT), but generally it is better if you can do normal
proxying. Intercepting TCP is bad.
Regards
Henrik Nordström
CTO
MARA Systems AB, Sweden
Dirk Wagner wrote:
>
> Henrik Nordstrom schrieb:
> >
> > Should work if the traffic is routed there for a start.. See the Squid
> > FAQ for details on how Squid needs to be configured.
> >
> > You can only intercept traffic routed to the box.
>
> That's the problem. IMHO, it can't work with the browser and the proxy running
> on the same machine as a transparent proxy. Now I do it with iptables. The
> line:
>
> iptables -A OUTPUT -d ! 127.0.0.1 -m owner --uid-owner 500 -j REJECT
>
> will force the use of Squid on the loopback interface, because all packets in the
> OUTPUT chain with the destination 0/0, except the localhost, and all packets
> generated by a process running with uid=500 will be rejected. Squid is no
> longer in a "transparent" mode, but this doesn't matter.
>
> Dirk
> --
> Dirk-Michael Wagner *** Wagner.Dirk-Michael@web.de
>
> Open Minds. Open Sources. Open Future. - Linux!
Received on Mon Jan 21 2002 - 17:49:41 MST