[squid-users] Transparent Proxy

From: SSCR Internet Admin <[email protected]>
Date: Mon, 24 Mar 2003 14:49:50 -0800

I just enabled httpd_accelerator and those option on squid.conf for
transparent proxying, i have setup iptables so that anyone wishes to bypass
squid (direct connection) will be trap by iptables' PREROUTING and send them
back 3128, but cant access the page..

While trying to retrieve the URL: http://www.hotmail.com/

The following error was encountered:

Unable to determine IP address from host name for www.hotmail.com
The dnsserver returned:

Name Error: The domain name does not exist.
This means that:

 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.

And checking the logs, i have

192.168.100.107 - - [24/Mar/2003:15:10:16 +0800] "GET
http://www.hotmail.com/ HTTP/1.1" 503 1223 TCP_MISS:NONE

and i have this on my iptables script

#Trap Squid Bypass back to Squid
$IPT -t nat -A PREROUTING -p tcp -m tcp -i $INT --dport 80 -j
DNAT --to-destination 61.9.3.116:3128

# Source NAT everything heading out the $INT (external)
# interface to be the given IP.
#
#$IPT -t nat -A POSTROUTING -o $INT -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $INT -j SNAT --to 61.9.3.116
#$IPT -t nat -A POSTROUTING -o $INT -s 192.168.100.1/24 -d 0/0 -j MASQUERADE
#$IPT -t nat -A POSTROUTING -o $INT -s 192.168.111.1/24 -d 0/0 -j MASQUERADE

Hope someone could help with this...

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003
-- 
This message has been scanned for viruses and
dangerous contents on SSCR Email Scanner Server, and is
believed to be clean.
Received on Sun Mar 23 2003 - 23:39:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:19 MST