On Jan 17, 2008 2:37 PM, Mihira Fernando <[EMAIL PROTECTED]> wrote: > > On Jan 14, 2008 7:26 PM, Eduardo M KALINOWSKI <[EMAIL PROTECTED]> wrote: > > > > I'm trying to setup a transparent caching proxy with Squid. I've > > installed Squid, configured it, in particular using the line > > http_port 3128 transparent > > > > The proxy is working fine. If I specify the proxy manually, I can > > see it being used from access.log, and note the results of caching. > > > > However, the automatic forwarding is not working. First, I've > > enabled forwarding with > > echo 1 > /proc/sys/net/ipv4/ip_forward > > > > Then, following instructions found in the internet, I've run > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > > --to-port 3128 > > to setup automatic forwarding of http requests. The command runs fine, > > and the rule is added: > > # iptables -t nat -L > > Chain PREROUTING (policy ACCEPT) > > target prot opt source destination > > REDIRECT tcp -- anywhere anywhere tcp dpt:www > > redir ports 3128 > > > > Chain POSTROUTING (policy ACCEPT) > > target prot opt source destination > > > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > > > However, the forwarding simply does not happen. Requests do not pass > > through the proxy, everything works as before. > > > > Is there anything that is missing? > > > > Kernel is linux-image-2.6.22-2-amd64, version 2.6.22-4 . Now I'm > > using squid3 version 3.0.STABLE1-1, but I've also tried with squid > > 2.6.17-1, and the results are the same. > > > > Thanks in advance, > > > > -- > > History repeats itself. That's one thing wrong with history. > > > > Eduardo M KALINOWSKI > > [EMAIL PROTECTED] > > http://move.to/hpkb > > > > I have the almost exact setup with Squid 2.6 and it works fine. One > point though, I have 2 network interfaces, eth0 for internet and eth1 > for LAN. > > Squid listens only on eth1 and loop back on transparent mode. > > http_port my.lan.ip:3128 transparent > http_port 127.0.0.1:3128 transparent > > Mihira.
Forgot to add : iptabes is set for the LAN interface (eth1) for the port redirection iptablies -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 and port redirection on the internet interface (eth0) Mihira. -- Random Quotes From Megas XLR Coop: You see? The mysteries of the Universe are revealed when you break stuff. Jamie: When in doubt, blow up a planet. Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here. Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
