
netfilter: Transparent squid running on another host.



My *default GW* is 10.0.0.1 (train) and I have squid running on
10.0.0.110:3128 (paladin).
I have set up squid to run as a TP, setting something about keeping http
headers and whatnot.  The proxy (when clients are configured) does work,
but tcp shows that transparent clients are not using the proxy.

These are the rules I have been trying to use, without success...

        # Non-local transparent FTP and HTTP(S) proxy.
        iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp\
            --src ! 10.0.0.110 --dport 80\
            -j MARK --set-mark 1
        iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp\
            --src ! 10.0.0.110 --dport 443\
            -j MARK --set-mark 1
# Exclude a host.
#       iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp\
#           --src 10.0.0.20 --dport 80\
#           -j MARK --set-mark 0
#       iptables -t mangle -A PREROUTING -i $IFACE+ -p tcp\
#           --src 10.0.0.20 --dport 443\
#           -j MARK --set-mark 0
        ip rule add fwmark 1 table web.out
        ip route add default via 10.0.0.110 dev $IFACE table web.out

For now it's OK that 10.0.0.20 doesn't (may not) get excluded from the
transparent proxy.  I have another solution for this, if the above
commented rules don't do the trick.



		