Squid - [squid-users] Transparent Proxy iptables rules - Help needed


Author [squid-users] Transparent Proxy iptables rules - Help needed
Roy Walker

2004-04-29, 6:55 pm

Hello,

This is more of an iptables issue, but to get transparent proxy working
you need iptables.

Here is what I am trying to do:

/sbin/iptables -t nat -A SQUID -i eth0 -p tcp -d ! 64.123.34.32/255.255.255.248 --dport 80 -j REDIRECT --to-port 800 -o eth1

If I take the -o off, the rule works fine. However, I only want traffic
from eth0 and destined out eth1 to be proxied except when it is destined
for the network specified by the -d. Anyone have any idea what is not
right with that?

Versions:
Kernel 2.4.25
Squid 2.5-stable
Iptables 1.2.9

Thanx,
Roy

Henrik Nordstrom

2004-04-29, 6:55 pm

On Tue, 27 Apr 2004, Roy Walker wrote:

> If I take the -o off, the rule works fine. However, I only want traffic
> from eth0 and destined out eth1 to be proxied except when it is destined
> for the network specified by the -d. Anyone have any idea what is not
> right with that?


You can't use -o in PREROUTING. The information is simply not known by the
kernel at that time. You must match on destination IPs. If you have some
traffic you do not want to intercept then add ACCEPT rules in the nat
table before your interception rule.

You can only intercept traffic at PREROUTING, as the kernel needs to know
where to route the traffic and interception changes the destination to the
local server instead of the requested server.

Regards
Henrik
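
The rule ordering described in the reply above, as an added example that is not part of the original thread: exemptions are matched by destination and accepted in the nat table before the REDIRECT rule, and a small check rejects any PREROUTING rule that carries -o. It assumes the rules go directly into PREROUTING rather than the poster's SQUID chain; the `APPLY` switch and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules; APPLY=1 (assumed
# switch) runs them as root instead.
IPT=/sbin/iptables
LAN_IF=eth0                                  # inbound interface from the question
SQUID_PORT=800                               # --to-port from the question
EXEMPT_NETS="64.123.34.32/255.255.255.248"   # space-separated destinations to leave alone

# Fail on a PREROUTING rule that carries -o/--out-interface: the outgoing
# interface is not known until after the routing decision.
check_rule() {
    case " $* " in
        *" PREROUTING "*) ;;
        *) return 0 ;;
    esac
    case " $* " in
        *" -o "*|*" --out-interface "*) return 1 ;;
    esac
    return 0
}

emit() {
    check_rule "$@" || { echo "rejected (-o in PREROUTING): $*" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

intercept_rules() {
    # Exemptions first: ACCEPT ends nat-table traversal for the connection,
    # so it is routed normally and never reaches the REDIRECT rule.
    for net in $EXEMPT_NETS; do
        emit "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -p tcp -d "$net" --dport 80 -j ACCEPT
    done
    # Everything else arriving on the LAN side for port 80 goes to Squid.
    emit "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

intercept_rules
```

Destinations that are reached through an interface other than eth1 are added to `EXEMPT_NETS`; that list takes the place of what the -o match was meant to express.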
