My situation is: the Linux server is connected to the Internet via a modem,
and a workstation (Windows NT) is in the same LAN as the Linux server. And I
want the workstation to connect to the Internet without setting proxy (since
I have tried setting proxy, and it works, but it is too troublesome).
I have also tried "/sbin/ipchains -A input -j REDIRECT 3128 -p tcp -s
0.0.0.0/0 -d
0.0.0.0/0 80" but it also failed. Must I use iptables? Can you tell me how
to upgrade my kernel to 2.4 (any web sites)? I am completely new to Linux.
Below are some facts I have tested:
1. It seems that setting the default gateway of the workstation or not,
does not have any effect on connecting to Internet.
2. And if I do not set the primary DNS of the workstation to the Linux
server's IP, it cannot connect to Internet even I point my browser to the
proxy server.
-----Original Message-----
Temp wrote:
>After I have run squid in the Linux server,
Is this server a gateway through which the clients reach the internet,
or is is a parallel server on the same network?
>/sbin/ipchains -A input -p TCP -d 0/0 --dport 80 -j REDIRECT 3128
I use this syntax (which is not to say that yours is wrong, just that
this one does work):
/sbin/ipchains -A input -j REDIRECT 3128 -p tcp -s 0.0.0.0/0 -d
0.0.0.0/0 80
But that isn't going to do you any good unless squid is running on a
functioning gateway, and you issue that redirect on the gateway.
>I have also tried setting the default gateway of the Windows client
pointing
>to the Linux server, still the same.
I surmise from this statement that your squid server is not your
gateway. That means your clients are oblivious to its presence until
you tell them about it.
What you're trying to do is insert a proxy between your workstations
and the internet. That means it has to be someplace where packets
must pass through it, such as on your gateway. If that's not the
case, you have two options, one of which is to tell your browsers
about it, as you've done. The other option is to redirect traffic on
80 from the gateway to the squid server, which (as far as I know)
ipchains can't do. iptables can do this, but requires a 2.4 kernel.
If you're stuck with an older kernel, someone else will have to chime
in; I think perhaps ipfwadmin is what you'd want.
Personally, I run a parallel squid server, because my gateway is also
a firewall, and services don't belong there ... so I set it up just as
you apparently have, and point my browsers at it.
Does that help?
- -d
- --
David Talkington
http://www.spotnet.org
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
