
squid on other box than iptables NAT?



Hi group,

I thought I could run squid (3.1.20) on one box, and iptables with DNAT
on another box with

iptables -t nat -A PREROUTING -p tcp --dport 80 -i $LOCIF ! -s $squidbox ! -d $localnet -j DNAT --to-destination $squidbox:3128

squid.conf snip:
http_port 192.x.x.x:3128 intercept

But on the squidbox /var/var/log/squid3/cache.log says:
IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 45: (92) Protocol not available

Some manuals on the internet suggest that this setup should be possible
[1], while others claim squid must run on the same box performing NAT
[2].

Can anybody help me out with this?

Cheers,
Simon



[1] http://tldp.org/HOWTO/TransparentProxy-6.html
[2] http://squid-web-proxy-cache.1019090.n4.nabble.com/external-NAT-and-quot-Protocol-not-available-quot-td3173494.html
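The getsockopt(SO_ORIGINAL_DST) call named in the cache.log line above can be reproduced outside squid to see what the proxy host's own kernel answers. This is an added diagnostic example, not part of the original post and not squid's code; it assumes Linux, and the loopback connection and the function names probe_original_dst and loopback_accepted_fd are constructed for the illustration. The option is answered from the netfilter connection-tracking state of the kernel that owns the socket, so it reports only what that host itself knows about the connection.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value defined in <linux/netfilter_ipv4.h> */
#endif

/* Ask the local kernel for the pre-NAT destination of a TCP socket.
 * Returns 0 and fills *dst on success, otherwise the errno value. */
int probe_original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    return getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) < 0 ? errno : 0;
}

/* Constructed test connection: listen on 127.0.0.1 (ephemeral port), connect
 * to it and accept. Returns the accepted fd (client side in *client) or -1. */
int loopback_accepted_fd(int *client)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), fd = -1;
    *client = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (ls >= 0 && *client >= 0 &&
        bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&a, &alen) == 0 &&
        connect(*client, (struct sockaddr *)&a, sizeof(a)) == 0)
        fd = accept(ls, NULL, NULL);
    close(ls);
    return fd;
}

int main(void)
{
    struct sockaddr_in dst;
    char ip[INET_ADDRSTRLEN];
    int client, fd = loopback_accepted_fd(&client);
    if (fd < 0) { perror("loopback setup"); return 1; }
    int err = probe_original_dst(fd, &dst);
    if (err) /* same "(errno) text" shape as the cache.log line */
        printf("SO_ORIGINAL_DST failed: (%d) %s\n", err, strerror(err));
    else
        printf("original dst %s:%d\n", inet_ntop(AF_INET, &dst.sin_addr, ip, sizeof(ip)), ntohs(dst.sin_port));
    close(fd); close(client);
    return 0;
}
```

Errno 92 is ENOPROTOOPT on Linux, which this probe returns when no netfilter handler for the option is registered in the local kernel.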

