Re: AW: [squid-users] proxy : redirect

From: Alexey Talikov <[email protected]>
Date: Sat, 20 Apr 2002 20:46:16 +0500

sorry! I don't work with ipchains at least 1 y.
change rules
ipchains -A INPUT -i $IFACE -s $INET/$MASK -d 0.0.0.0/0 -p tcp -j REDIRECT 3128
ipchains -A INPUT -i $IFACE -s $INET/$MASK -d 0.0.0.0/0 -p udp -j REDIRECT 3128
$INET is your network and $MASK - mask don't write as is !!!
for example 192.168.1.0/24 or 192.168.1.0/255.255.255.255.0
transparent working fine without --enable-linux-netfilter (kernel-2.2.x)
if have problems use it
read man for ipchains for syntax

21.04.2002 3:40:20, Payal <rpayal@indiainfo.com> wrote:

>Hi all,
>Thanks Alexey and Henrik. Aexey, ur solution did not work out properly.
>Gave errors like
>ipchains -A INPUT -i $IFACE -s $INET/$MASK -d 0.0.0.0/0 -j REDIRECT 3128
>Warning: wierd character in interface `-s' (No aliases, :, ! or *).
>Try `ipchains -h' or 'ipchains --help' for more information.
>[root@localhost root]# ipchains -A input -i lo -s 127.0.0.1 -d 0.0.0.0/0 -j
>REDIRECT 3128
>ipchains: redirecting only allowed with TCP or UDP
>Try `ipchains -h' or 'ipchains --help' for more information.
>> As you speak about iptables I assume you are running a Linux 2.4
>> kernel, then Squid should be configured with --enable-linux-netfilter.
>I didn't want to use iptables just because I have not used iptables anytimes
>and don't know how they work. I had used ipchains a bit atleast.
>> Note: It is strongly advised to use iptables in favor of ipchains on
>> Linux-2.4. ipchains under Linux-2.4 is not the same ipchains as
>> Linux-2.2 but a poorly tested emulation layer ontop of netfilter.
>> This ipchains emulation layer is known to be broken in quite many
>> Linux-2.4 versions, especially when doing redirection..
>Where can I find more information on this topic????
>> And note: Only traffic routed via the Squid server can be
>> intercepted.
>No, I didn't get this point. Can you tell more?
>>See the Squid FAQ for at least three alternatives on how
>> to route the traffic to the Squid server..
>Yes, but they are using ipfwadm, ipchains and iptables.
>> General advice: Avoid interception if you can. It is a very ugly TCP
>> hack and should only be used as a last resort.
>what interception? I didn't get this also.
>Sorry to trouble the group in general and Henrik in particular but I am
>pretty desparate to get this working.
>Also, I have SuSE Linux 7.1 that also does not work with transparent squid
>proxy. I bellieve that the kernel is 2.2 there.
>THanks a lot in advance and waiting for the reply.
>-Payal
>
>> > > to squid. So, I do simple setup like, ipchains -A input -j ACCEPT
>> > > -s localhost -d localhost
>> > > ipchains -A input -p tcp -d 0/0 80 -j REDIRECT 3128
>> > > #ipchains -L
>> > > Chain input (policy ACCEPT):
>> > > target prot opt source destination
>> > > ports ACCEPT all ------ localhost.localdomain
>> > > localhost.localdomain n/a REDIRECT tcp ------ anywhere
>> > > anywhere any -> http => squid
>> > > Chain forward (policy ACCEPT):
>> > > Chain output (policy ACCEPT):
>
Received on Sat Apr 20 2002 - 09:46:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:37 MST