  #1 (permalink)  
Old 05-Mar-2006, 15:01
Juan Mera
Guest
 
Posts: n/a
Default Squid and Transparent Proxy

Good day,

Squid is OK. Our server has 2 NICs, eth0 public and eth1 LAN.
I need users to access the Internet through Squid within edit proxy connection
preferences into workstation's browser. I tried applying this iptables rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT \
--to-port 8080

What is wrong?

--
Thanks for your time,
Regards,
Juan L. Mera
  #2 (permalink)  
Old 05-Mar-2006, 17:37
R.F. Pels
Guest
 
Posts: n/a
Default Re: Squid and Transparent Proxy

Juan Mera wrote:

> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT \
> --to-port 8080


If you want a transparent proxy, you need to ensure that connections made
from the LAN to port 80 are rerouted to the squid ports. This means that
incoming packets with destination port 80 should be redirected for the
internal interface, not the external interface. Since your internal
interface is eth1, this should be:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 8080

That is, if you configured Squid to use port 8080. See:

http://www.faqs.org/docs/Linux-mini/...tProxy.html#s5

--
Ruurd
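
A check for the mistake diagnosed in the reply above, as an added example that is not part of the original posts: the Python below reads `iptables-save` output and reports whether tcp/80 arriving on the LAN interface is redirected to Squid's port. The function names and the sample rulesets are constructed for illustration; interface wildcards such as `eth+` are not evaluated.

```python
import shlex

def opt_value(tok, *names):
    """Value following the first of `names` in a rule; '!' prefix if negated."""
    for n in names:
        if n in tok and tok.index(n) + 1 < len(tok):
            i = tok.index(n)
            return ("!" if i and tok[i - 1] == "!" else "") + tok[i + 1]
    return None

def parse_nat_redirects(save_text):
    """REDIRECT rules in the nat table's PREROUTING chain (iptables-save format)."""
    rules, table = [], None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
        elif table == "nat" and line.startswith("-A PREROUTING "):
            tok = shlex.split(line)
            if opt_value(tok, "-j") == "REDIRECT":
                rules.append({"in_iface": opt_value(tok, "-i"),
                              "proto": opt_value(tok, "-p"),
                              "dport": opt_value(tok, "--dport"),
                              "to_port": opt_value(tok, "--to-ports", "--to-port")})
    return rules

def audit(save_text, lan_if, squid_port, http_port=80):
    """Return a list of problems; an empty list means LAN HTTP reaches Squid."""
    findings, covered = [], False
    for r in parse_nat_redirects(save_text):
        if r["proto"] != "tcp" or r["dport"] != str(http_port):
            continue
        iface = r["in_iface"]             # None: rule matches every interface
        on_lan = iface in (None, lan_if) or (iface[0] == "!" and iface[1:] != lan_if)
        if not on_lan:
            findings.append(f"rule is bound to {iface}, not LAN interface {lan_if}")
        elif r["to_port"] != str(squid_port):
            findings.append(f"rule redirects to port {r['to_port']}, not {squid_port}")
        else:
            covered = True
    if not covered:
        findings.append(f"tcp/{http_port} arriving on {lan_if} is not redirected to {squid_port}")
    return findings

# Constructed samples: the rule from the question (eth0) and the corrected one (eth1).
TEMPLATE = ("*filter\n-A INPUT -i lo -j ACCEPT\nCOMMIT\n*nat\n"
            "-A PREROUTING -i {0} -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080\nCOMMIT\n")
BROKEN, FIXED = TEMPLATE.format("eth0"), TEMPLATE.format("eth1")

if __name__ == "__main__":
    for name, text in (("eth0 rule", BROKEN), ("eth1 rule", FIXED)):
        print(name, "->", audit(text, lan_if="eth1", squid_port=8080) or "OK")
```

On a live gateway the input would be the text printed by `iptables-save`, with `lan_if` and `squid_port` set to the site's own values.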
  #3 (permalink)  
Old 20-Sep-2007, 17:39
Brian Gregory [UK]
Guest
 
Posts: n/a
Default Re: Squid and Transparent Proxy

"R.F. Pels" <spamtrap@tiscali.nl> wrote in message
news:2DKOf.4042$oh5.1790@prv-forum2.provo.novell.com...
> Juan Mera wrote:
>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT \
>> --to-port 8080

>
> If you want a transparent proxy, you need to ensure that connections made
> from the LAN to port 80 are rerouted to the squid ports. This means that
> incoming packets with destination port 80 should be redirected for the
> internal interface, not the external interface. Since your internal
> interface is eth1, this should be:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
> -j REDIRECT --to-port 8080
>
> That is, if you configured Squid to use port 8080. See:
>
> http://www.faqs.org/docs/Linux-mini/...tProxy.html#s5


You seem to know about this stuff.

Can you tell me if it's possible for squid to simultaneously be a
transparent proxy (catching all accesses to port 80) and a normal proxy
(which would, with properly configured browsers, catch accesses to web pages
on other ports)?

(Our squid is set up to block access to undesirable sites and this is to
maximize chance of catching all undesirable accesses).

TIA

--

Brian Gregory. (In the UK)
ng@bgdsv.co.uk
To email me remove the letter vee.


 
