Alex Samad wrote:
On Tue, Jan 15, 2008 at 08:11:34AM -0200, Eduardo M KALINOWSKI wrote:
Alex Samad wrote:
if you are only trying to capture http request from this machine (the same as the proxy) then you need to use the output chain
OK, so I changed the line and ran
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
This does make the requests go through the proxy. However, I can only
access objects which are already in cache. When squid needs to fetch an
sounds like the problem
set tcp_outgoing_address in squid.conf, assign your box 2 addresses, 1 for
normal use and the other for squid use and then set up the iptables filter to
only pick up from the first
Well, this solution is far more complicated than what I wanted, so I
took a look at iptables' manpage and discovered that matching can be
done based on the UID that is running the process, so the idea is to let
requests made by user 'proxy' through, and redirect all others to the
proxy. This amounts to the two lines
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
--
Well, it's hard for a mere man to believe that woman doesn't have equal rights.
-- Dwight D. Eisenhower
Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb
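
The two rules from the message above as an idempotent script, added here as an example and not part of the original post: it inserts the proxy-user exemption at the top of the nat OUTPUT chain, so a plain REDIRECT rule left over from an earlier attempt cannot shadow it, and then checks the resulting order. The IPT, PROXY_USER and PROXY_PORT variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent form of the two nat OUTPUT rules from the post.
IPT="${IPT:-iptables}"              # assumption: overridable for dry runs
PROXY_USER="${PROXY_USER:-proxy}"   # user squid runs as (from the post)
PROXY_PORT="${PROXY_PORT:-3128}"    # squid port (from the post)

apply_rules() {
    exempt="-p tcp --dport 80 -m owner --uid-owner $PROXY_USER -j ACCEPT"
    redirect="-p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
    # Rules are evaluated top-down and the first match wins, so the
    # exemption is inserted at position 1: a REDIRECT left over from an
    # earlier attempt would otherwise catch squid's own requests first.
    $IPT -t nat -C OUTPUT $exempt 2>/dev/null ||
        $IPT -t nat -I OUTPUT 1 $exempt
    $IPT -t nat -C OUTPUT $redirect 2>/dev/null ||
        $IPT -t nat -A OUTPUT $redirect
}

# Reads `iptables -t nat -S OUTPUT` output on stdin; succeeds only if a
# port-80 owner exemption appears before the first port-80 REDIRECT.
check_order() {
    awk '
        /--dport 80/ && /--uid-owner/ && /-j ACCEPT/ && !exempt { exempt = NR }
        /--dport 80/ && /-j REDIRECT/ && !redir { redir = NR }
        END { exit !(exempt && redir && exempt < redir) }
    '
}

# Run as root with the argument "apply" to install and verify the rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules && $IPT -t nat -S OUTPUT | check_order &&
        echo "proxy exemption precedes REDIRECT"
fi
```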