Re: [squid-users] Transparent Squid dont work. Wrong iptables rules?

From: Ronny <[email protected]>
Date: Sat, 05 Mar 2005 09:38:23 +0300

>
>
>Hi,
>
>I want to use Squid 2.5Stable8 on my Debian Sarge System as a transparent
>Proxy. We've got a firewall here (Debian machine with iptables).
>
>The idea is, that the users from the local net (172.21.0.0/16) use the
>transparent proxy.
>
>Squid is running normally on the Proxy Machine and I've set the following
>options in squid.conf:
>
>httpd_accel_host virtual
>httpd_accel_port 80
>httpd_accel_with_proxy on
>httpd_accel_uses_host_header on
>
>We've tried the following iptables rules on the firewall:
>
>iptables -t nat - A PREROUTING -i "Interface for local net" -s !
>"squid-machine" -p tcp --dport 80 -j DNAT -- "squid-machine:3128"
>
>iptables -t nat -A POSTROUTING -o "Interface for local net" -s "172.21.0.0/16"
>-d "squid-machine" -j SNAT --to "localhost"
>
Has this machine got two interfaces?
Why use -i and -o on the same interface? See iptables howto or try
POSTROUTING on the outgoing interface but seems a routing thing!

>
>iptables -A FORWARD -s "172.21.0.0/16" -d "squid-machine" -i "Interface for
>local net" -o "Interface for local net" -p tcp --dport 3128 -j ACCEPT
>
>That doesn't work. What is wrong?
>
>Thanks for your answers
>
>
>

-- 
***************************************************************************
  / ''We can't become what we need to be by remaining what we are''\
  \ ,,                                                           ,,/
***************************************************************************
Received on Fri Mar 04 2005 - 23:39:23 MST
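
Added example, not part of the original thread or written by either poster: a dry-run generator for the three-rule layout the question describes (firewall and a separate Squid box on the same LAN segment). It only prints iptables commands and applies nothing; the function name gen_rules, the interface eth1 and the addresses 172.21.0.10 (Squid) and 172.21.0.1 (firewall LAN address) are constructed sample values.

```shell
#!/bin/sh
# Dry-run only: prints the rules, never calls iptables.
# Interface name and host addresses used at the bottom are constructed samples.

# gen_rules LAN_IF LAN_NET SQUID_IP FW_LAN_IP
gen_rules() {
    [ $# -eq 4 ] || { echo "usage: gen_rules IF NET SQUID_IP FW_LAN_IP" >&2; return 2; }
    lan_if=$1; lan_net=$2; squid_ip=$3; fw_ip=$4

    # The SNAT source must be an address the Squid box can send replies to,
    # i.e. the firewall's LAN address. A loopback address is unreachable
    # from another host, so reject it.
    case $fw_ip in
        127.*|localhost)
            echo "error: SNAT source must be the firewall's LAN address, not loopback" >&2
            return 1 ;;
    esac

    # This DNAT/SNAT pair is for a Squid box separate from the firewall.
    if [ "$squid_ip" = "$fw_ip" ]; then
        echo "error: Squid and firewall share one address; layout assumes two hosts" >&2
        return 1
    fi

    # 1. Send LAN port-80 traffic to Squid. Squid's own outbound requests are
    #    excluded ("! -s"), otherwise they would loop back into the proxy.
    echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $squid_ip -p tcp --dport 80 -j DNAT --to-destination $squid_ip:3128"

    # 2. The packet leaves on the interface it arrived on, so rewrite its source
    #    to the firewall; Squid then replies via the firewall, not directly to
    #    the client (which would drop a reply from an unexpected address).
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $squid_ip -j SNAT --to-source $fw_ip"

    # 3. Permit the redirected traffic through the FORWARD chain; input and
    #    output interface are the same because Squid sits on the client LAN.
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -s $lan_net -d $squid_ip -p tcp --dport 3128 -j ACCEPT"
}

# Constructed sample invocation for the 172.21.0.0/16 network from the question.
gen_rules eth1 172.21.0.0/16 172.21.0.10 172.21.0.1
```

With the SNAT rule in place, Squid sees every request as coming from the firewall's address, so per-client entries in its access log and source-based ACLs no longer identify the real client.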
