squid on other box than iptables NAT?
Hi group,
I thought I could run squid (3.1.20) on one box, and iptables with DNAT
on another box with
iptables -t nat -A PREROUTING -p tcp --dport 80 -i $LOCIF ! -s $squidbox
! -d $localnet -j DNAT --to-destination $squidbox:3128
squid.conf snip:
http_port 192.x.x.x:3128 intercept
But on the squidbox /var/var/log/squid3/cache.log says:
IpIntercept.cc(137) NetfilterInterception: NF
getsockopt(SO_ORIGINAL_DST) failed on FD 45: (92) Protocol not available
Some manuals on the internet suggest that this setup should be possible
[1], while others claim squid must run on the same box performing NAT
[2].
Can anybody help me out with this?
Cheers,
Simon
[1] http://tldp.org/HOWTO/TransparentProxy-6.html
[2]
http://squid-web-proxy-cache.1019090.n4.nabble.com/external-NAT-and-quot-Protocol-not-available-quot-td3173494.html
Reply to: