Re: [squid-users] transparent proxy

From: Frank Eibisch <[email protected]>
Date: Tue, 20 Aug 2002 18:26:58 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 20 August 2002 16:22, Kamesh Patel wrote:
> >Did you try any of my suggestions and what was the outcome?
> >
> >Is your proxy running properly if you use it as a NON-transparent
> > proxy?
>
> My proxy port is 10000
>
> Anything to port 10000 works fine; I see this by watching the access.log
> file
>
> When I watch the log accepting data without proxy settings in my browser as
> in logging all comms through the following rule:
>
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -l -j ACCEPT
> -A input -s 192.168.2.0/255.255.255.0 80:80 -d 0.0.0.0/0.0.0.0 -p tcp -l -j
> REDIRECT 10000

You have set the source port to 80, but that is wrong. The source port is some
unprivileged port >1024 and the destination port is 80. Besides this, any
rule after a matching ACCEPT rule is not evaluated anymore. The packet
already is accepted (first match wins).

Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Ym3eckz+aqW7MtQRAtrLAJ9OqzANMa/W7yh79HW/9FjHIZBDvACfVEuP
ZBxEDb6Kh+QYc8w+rfP3tcI=
=QKvs
-----END PGP SIGNATURE-----
Received on Tue Aug 20 2002 - 10:32:54 MDT
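
A small model of the two points made in the reply above (port on the wrong side of the rule, and first match wins), added here as an illustration and not part of the original thread. The `Rule`, `Packet` and `evaluate` names, the simplified matching, the default policy and the sample client/server addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                      # hypothetical, simplified firewall rule
    src: str                     # source network in CIDR form
    target: str                  # "ACCEPT" or "REDIRECT"
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port
    proto: Optional[str] = None  # None matches any protocol
    redirect_to: Optional[int] = None

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and rule.proto in (None, pkt.proto)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def evaluate(chain, pkt, policy="DENY"):
    """First match wins: return the first matching rule's (target, port)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target, rule.redirect_to
    return policy, None  # assumed chain policy; never reached in these chains

ACCEPT_ALL = Rule("0.0.0.0/0", "ACCEPT")
REDIR_SPORT = Rule("192.168.2.0/24", "REDIRECT", sport=80, proto="tcp", redirect_to=10000)
REDIR_DPORT = Rule("192.168.2.0/24", "REDIRECT", dport=80, proto="tcp", redirect_to=10000)

POSTED = [ACCEPT_ALL, REDIR_SPORT]           # rules in the order quoted above
PORT_FIXED_ONLY = [ACCEPT_ALL, REDIR_DPORT]  # right port, still shadowed by ACCEPT
REORDERED_ONLY = [REDIR_SPORT, ACCEPT_ALL]   # right order, still matching source port 80
FIXED = [REDIR_DPORT, ACCEPT_ALL]            # both corrections applied

# Constructed sample: LAN browser on an ephemeral port talking to a web server.
PKT = Packet("192.168.2.15", 34567, "203.0.113.10", 80)

if __name__ == "__main__":
    for name in ("POSTED", "PORT_FIXED_ONLY", "REORDERED_ONLY", "FIXED"):
        print(name, evaluate(globals()[name], PKT))
```

Only the chain with both corrections sends the browser's request to port 10000; fixing just the port or just the order still ends in a plain ACCEPT.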
