Re: [squid-users] iptables and transparent proxy squid

From: Ariel Molina Rueda <[email protected]>
Date: Tue, 13 Apr 2004 17:17:28 -0500

Quoting Darren Spruell <darren_spruell@sento.com>:

> Ariel Molina Rueda wrote:
> [...]
> > I can't find the way to capture www traffic, I use iptables but
> > the access.log file in Squid log is always empty, so squid is not
> > receiving anything.
> >
> > Is there a second way to do this without using a bridge?
> > Why isn't iptables working?
> >
> > I found this
> > http://www.squid-cache.org/mail-archive/squid-users/200303/1213.html
> >
> > but it doesn't say how to solve the problem.
> > If there is a second way to solve this I would like to hear about that...
>
> Could you just redirect all port 80 traffic going in on your router
> interface back to the 200.x.x.11 address for squid? You would have to
> not redirect from the proxy out.

I really don't want to do that; that's why I'm using a bridge and messing up with
iptables on the squid machine itself.

I could easily modify routing in the main router, but the problem will be when
the squid server crashes (or even worse, if it dies!); if the Squid machine has
a problem I will have to re-adapt routing.

On the other hand, if I use a bridge (or something similar) I can just unplug
the cable from the squid-box, and plug it to the router; this will easily and
quickly restore web access, until I figure out what happened to the squid-box.

So I need a transparent squid-box that can be replaced, updated or removed
(when it dies) anytime.

I know some people have been doing it, but I have just been unable to find a site
that tells me how.

The last thing I found is that iptables cannot "see" the bridge packages and
that I need ebtables and a kernel patch.

But in the how to of squid transparent it says something about a bridged
transparent proxy. It just won't work; I have tried it.

Received on Tue Apr 13 2004 - 16:17:30 MDT
