[squid-users] Transparent proxy, ipmasq, & apache

From: Joe Glass <[email protected]>
Date: 15 May 2003 14:53:46 -0400

Hello fellow squid-users,

I am trying to set up transparent proxying on a server running Redhat
8.0, Linux kernel 2.4.18, iptables 1.2.6a-2, and Squid 2.4 stable 7.
The server is connected to the internet with DHCP and runs IP
masquerading (with iptables) to the internal network, and also runs
apache web server (2.0.40) for the internal network.

My problem is, when I enable transparent proxying, internal clients are
no longer to access the apache web server with the server's fake FQDN
(because it isn't registered in the DNS database, the FQDN is only
listed in it's own /etc/hosts file as well as the internal client's
hosts file.) I've seen a few posts similar to this but none that quite
resolved my situation. The transparent proxying works great, and same
with the masquerading, but I can't access the web server on the
machine. My thoughts are to either 1) recompile squid and disabling the
internal dnsserver, 2) somehow add the fake FQDN to squid's dnsserver,
or 3) add a rule to iptables that doesn't redirect packets destined to
port 80 on the local machine (would that be a PREROUTING statement?
would that even be possible?). Do any of these thoughts sound like a
good idea, or are there other suggestions?

Thank you!
Joe Glass

Following are my pertinent iptables rule sets taken from
/etc/sysconfig/iptables:

[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT
--to-ports 3128
[19:2421] -A POSTROUTING -o eth1 -j MASQUERADE

The internal network is on eth0, and the real IP is on eth1.

Following are the pertinent squid.conf lines:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Received on Thu May 15 2003 - 13:00:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:41 MST