Re: [squid-users] Squid transparent proxy and bridge question

From: usman fool <[email protected]>
Date: Wed, 24 Mar 2004 20:25:07 +0000

>From: Matthew Tanase <tanase@qaddisin.com>
>Reply-To: Matthew Tanase <tanase@qaddisin.com>
>To: usman fool <usman_fool@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] Squid transparent proxy and bridge question
>Date: Wed, 24 Mar 2004 11:43:17 -0800 (PST)
>
> A couple of things since my initial post. I verified the machine does
>indeed have DNS access (I can ping hosts), so that shouldn't be a problem.
>I had to use "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT
>squidbox:3128" to get Squid working, not sure why. Now however, everything
>is denied with TCP_MISS 504/503 errors - is this an ACL problem or
>iptables?

Add one more thing:
iptables -t nat -I PREROUTING -p tcp --dport 80 -s ! squidbox -j DNAT --to squidbox:3128
OR
you need these 2 commands:
iptables -t nat -I PREROUTING -p tcp --dport 80 -s squidbox -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 80 -s yournetwork -j DNAT --to squidbox:3128

Because maybe your squid traffic is again redirected to squid, if the squid
gateway is the bridge.

Sketch your network diagram clearly.
What's the gateway of squidbox?
What's the gateway of bridge?
What's the gateway on clients?

>My other question - why the POSTROUTING - I already have the PREROUTING.
>And why isn't REDIRECT working, it's my understanding that DNAT is
>REDIRECT, but you have to specify a host...
>

Sorry, that was a mistake.

usman.

Received on Wed Mar 24 2004 - 13:25:11 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:03 MST
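
Added example, not part of the original thread: a small Python model of first-match evaluation in the nat PREROUTING chain, showing why Squid's own port-80 requests loop back to port 3128 under the original rule and how the source exclusions from the reply change that. The addresses are constructed stand-ins for "squidbox" and "yournetwork", and squidbox is assumed to sit inside yournetwork.

```python
import ipaddress

# Constructed stand-ins for the thread's "squidbox" and "yournetwork";
# squidbox is assumed to sit inside yournetwork.
SQUIDBOX, CLIENT, NETWORK = "192.168.1.10", "192.168.1.50", "192.168.1.0/24"
PRE = "iptables -t nat {op} PREROUTING -p tcp --dport 80 "
ORIGINAL = PRE.format(op="-A") + f"-j DNAT --to {SQUIDBOX}:3128"
NEGATED = PRE.format(op="-I") + f"-s ! {SQUIDBOX} -j DNAT --to {SQUIDBOX}:3128"
ALLOW_SQUID = PRE.format(op="-I") + f"-s {SQUIDBOX} -j ACCEPT"
DNAT_NET = PRE.format(op="-I") + f"-s {NETWORK} -j DNAT --to {SQUIDBOX}:3128"


def build(*commands):
    """Replay iptables commands into a list that models the PREROUTING chain."""
    chain = []
    for command in commands:
        words = command.split()
        src, negate = None, False
        if "-s" in words:
            i = words.index("-s")
            negate = words[i + 1] == "!"  # old-style "-s ! addr", as in the thread
            src = ipaddress.ip_network(words[i + 2 if negate else i + 1])
        rule = (src, negate, words[words.index("-j") + 1])
        if "-I" in words:
            chain.insert(0, rule)  # -I with no rule number inserts at the head
        else:
            chain.append(rule)     # -A appends at the tail
    return chain


def verdict(chain, src_ip):
    """Target of the first rule matching a TCP/80 packet from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for src, negate, target in chain:
        if src is None or (addr in src) != negate:
            return target
    return "ACCEPT"  # nothing matched: packet leaves the chain untranslated


if __name__ == "__main__":
    cases = {
        "original rule only": build(ORIGINAL),
        "negated source": build(NEGATED),
        "two -I commands, ACCEPT typed first": build(ALLOW_SQUID, DNAT_NET),
        "two -I commands, ACCEPT typed last": build(DNAT_NET, ALLOW_SQUID),
    }
    for name, chain in cases.items():
        print(f"{name}: squidbox={verdict(chain, SQUIDBOX)} client={verdict(chain, CLIENT)}")
```

Because `-I` without a rule number inserts at the head of the chain, two `-I` commands end up in reverse order of typing; in this model the ACCEPT for squidbox only takes effect when it is inserted last, so that it sits above the network-wide DNAT rule.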