I have a patch for iptables to enable the use of DNAT/REDIRECT in OUTPUT
(and SNAT in INPUT), but generally it is better if you can do normal
proxying. Intercepting TCP is bad.
Regards
Henrik Nordström
CTO
MARA Systems AB, Sweden
Dirk Wagner wrote:
>
> Henrik Nordstrom wrote:
> >
> > Should work if the traffic is routed there for a start.. See the Squid
> > FAQ for details on how Squid needs to be configured.
> >
> > You can only intercept traffic routed to the box.
>
> That's the problem. IMHO, it can't work with the browser and the proxy running
> on the same machine as a transparent proxy. Now I do it with iptables. The
> line:
>
> iptables -A OUTPUT -d ! 127.0.0.1 -m owner --uid-owner 500 -j REJECT
>
> will force the use of Squid on the loopback interface, because all packets in the
> OUTPUT chain with the destination 0/0, except the localhost, and all packets
> generated by a process running with uid=500 will be rejected. Squid is no
> longer in a "transparent" mode, but this doesn't matter.
>
> Dirk
> --
> Dirk-Michael Wagner *** Wagner.Dirk-Michael@web.de
>
> Open Minds. Open Sources. Open Future. - Linux!
Received on Mon Jan 21 2002 - 17:49:41 MST
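
Added example, not part of the original thread and not code from either poster: the owner-match rule from Dirk's message written with the negation before -d, plus an IPv6 counterpart so the same user cannot leave the box over IPv6. The uid 500 is the value from the post; the function names, the APPLY switch and the -C idempotency check are assumptions of this example, and it assumes Squid runs under a different uid than the browser user.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints the
# commands. Set APPLY=1 and run as root to install the rules.

# Print one rule per line as "<tool> <rule spec>", where the spec is
# everything that follows "-A OUTPUT".
lockdown_specs() {
    uid=$1
    case $uid in
        ''|*[!0-9]*) echo "uid must be numeric: $uid" >&2; return 1 ;;
    esac
    # IPv4: same match as the rule in the post.
    echo "iptables ! -d 127.0.0.1 -m owner --uid-owner $uid -j REJECT"
    # IPv6: iptables rules do not cover IPv6 traffic, so mirror the rule.
    echo "ip6tables ! -d ::1 -m owner --uid-owner $uid -j REJECT"
}

# Print the commands, or with APPLY=1 append each rule unless -C reports
# that it is already present (keeps repeated runs from stacking duplicates).
lockdown() {
    specs=$(lockdown_specs "$1") || return 1
    echo "$specs" | while read -r tool spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $spec is left unquoted on purpose so it splits into arguments.
            "$tool" -C OUTPUT $spec 2>/dev/null || "$tool" -A OUTPUT $spec
        else
            echo "$tool -A OUTPUT $spec"
        fi
    done
}

# Default to the uid used in the post when no argument is given.
lockdown "${1:-500}"
```

Squid's own outbound connections are not matched because the owner match only hits sockets created by the given uid.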