Re: [squid-users] Squid Transparent Proxy not work

From: duren duren <[email protected]>
Date: Fri, 25 Jan 2008 22:13:05 -0800 (PST)

--- Amos Jeffries <squid3@treenet.co.nz> wrote:

> > #### USER 1
> > $IPT -A PREROUTING -t nat -i $LAN -s $USER1 -m mac --mac-source $MAC_USER1 -j ACCEPT
> > $IPT -t nat -A PREROUTING -i $LAN -s $USER1 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > $IPT -A PREROUTING -t nat -i $LAN -s ! $USER1 -m mac --mac-source $MAC_USER1 -j DROP
> >
>
> Well, that's broken.
> To see what it's doing go:
> iptables -t nat -L PREROUTING -v
> I expect the REDIRECT counters are all '0'.
> Because anything that comes in from user1 gets accepted before the
> REDIRECT. I think line 2 and 1 should be reversed.
>

Thanks Amos, it works :-)
You're right: with the old rule, when I check with the command
iptables -t nat -L PREROUTING -v, the REDIRECT counters are '0'.

Now I have moved 2 into 1 and 1 into 2, and the REDIRECT counter is not '0'.

once again, thanks for your help :)

>
> see note above on iptables rules.
> Second, do you have arp-relay enabled on your network or are the clients
> directly connected?
> Without arp-relay squid will only see the MAC address of the
> router/bridging device that connects to the squid box. Your IP and MAC
> rules may be redundant.
>
> Amos

I'm not using arp-relay. May I know what arp-relay is, and must I use it
with my proxy?

One more question: is it possible to write a rule like this?
$IPT -t nat -A PREROUTING -i $LAN -s $USER2 -m mac --mac-source $MAC_USER2 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Last question: how do I reply to an email on the squid-users mailing list?
When I click reply, the email is addressed not to
squid-users@squid-cache.org, but to the user.

thanks

Received on Fri Jan 25 2008 - 23:13:14 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST
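
The counter check suggested in the thread, automated as an added example that is not part of the original messages: it reads a nat PREROUTING listing and reports any REDIRECT rule with zero packets that sits behind an earlier ACCEPT for the same interface and source. The helper name find_shadowed_redirects, the interface eth1, and the addresses and MAC in the sample listings are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L PREROUTING -v -n -x` output for the
# original rule order (ACCEPT first). Values are placeholders, not thread data.
BROKEN_LISTING='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
  345 20700 ACCEPT     all  --  eth1   *       192.0.2.10           0.0.0.0/0            MAC 00:11:22:33:44:55
    0     0 REDIRECT   tcp  --  eth1   *       192.0.2.10           0.0.0.0/0            tcp dpt:80 redir ports 3128
    0     0 DROP       all  --  eth1   *      !192.0.2.10           0.0.0.0/0            MAC 00:11:22:33:44:55'

# Constructed sample after swapping rules 1 and 2 (REDIRECT first).
FIXED_LISTING='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
  212 12720 REDIRECT   tcp  --  eth1   *       192.0.2.10           0.0.0.0/0            tcp dpt:80 redir ports 3128
  133  7980 ACCEPT     all  --  eth1   *       192.0.2.10           0.0.0.0/0            MAC 00:11:22:33:44:55
    0     0 DROP       all  --  eth1   *      !192.0.2.10           0.0.0.0/0            MAC 00:11:22:33:44:55'

# Reads a listing on stdin. ACCEPT ends chain traversal, so a later REDIRECT
# for the same in-interface and source never sees the packets it accepted.
find_shadowed_redirects() {
    awk '
        NR <= 2 { next }    # chain banner and column header
        NF < 9  { next }    # not a rule line
        { rule++; pkts = $1 + 0; target = $3; prot = $4; key = $6 SUBSEP $8 }
        target == "ACCEPT" {
            # remember the first ACCEPT seen for this interface/source pair
            if (!(key in first)) { first[key] = rule; aprot[key] = prot }
            next
        }
        target == "REDIRECT" {
            if ((key in first) && (aprot[key] == "all" || aprot[key] == prot) && pkts == 0)
                printf "rule %d REDIRECT from %s shadowed by ACCEPT at rule %d (0 packets)\n", rule, $8, first[key]
        }
    '
}

# On a live gateway (as root), feed it the real listing instead:
#   iptables -t nat -L PREROUTING -v -n -x | find_shadowed_redirects
echo "original order:"
printf '%s\n' "$BROKEN_LISTING" | find_shadowed_redirects
echo "swapped order:"
printf '%s\n' "$FIXED_LISTING" | find_shadowed_redirects
```

An empty result for the swapped order means port-80 traffic from that source reaches the REDIRECT rule before any ACCEPT can end traversal.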