Hi everybody !!!
I have one problem with my project and I would like some help.
I'm implementing a transparent proxy in my network. I'm using
SQUID and IPtables for this.
The scenario:
|----------| eth1 |----------| eth0             |------------|
| Internet |------| Firewall |--------|---------| My Network |
|----------|      |----------|        |         |------------|
                                      |
                                      |
                                  |-------|
                                  | SQUID |
                                  |-------|
The idea (project):
The users in my network must access HTTP through Squid instead of
directly.
The rules:
--> SQUID:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
--> IPTables:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:8080
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 8080 -j ACCEPT
The problem:
iptables changes the destination (from anywhere:80 to
squid-box:8080), but Squid didn't receive any packets on port 8080.
P.S.: If I add, among the iptables rules, the rule below:
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
the transparent proxy works very well, but my Squid only receives
connections from the firewall (because of the rule above). So, I don't have control
(through Squid) of what my users are accessing on the Internet.
Can somebody help me?
Thanks in advance,
Tiago Fioreze
********************************************
*         Network Administrator          *
*                                          *
*     Núcleo de Ciência da Computação      *
*   Universidade Federal de Santa Maria    *
* Santa Maria - Rio Grande do Sul - Brasil *
********************************************
Received on Wed May 15 2002 - 07:38:35 MDT
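
The address rewriting done by the two rule sets in the message above, as an added Python model that is not part of the original post. It assumes squid-box sits on the same segment as the clients (as the diagram shows), so Squid's replies reach a client directly unless the source was rewritten to the firewall; all IP addresses are constructed sample values.

```python
# Added illustration: models only the address rewriting of the NAT rules in the post.
# All addresses below are constructed sample values, not taken from the post.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT = "192.168.1.50"    # a host in "local-network" (constructed)
FIREWALL = "192.168.1.1"   # "iptables-box", eth0 side (constructed)
SQUID = "192.168.1.10"     # "squid-box", same segment as the clients (assumed)
WEB = "203.0.113.80"       # an Internet web server (constructed)


def firewall_nat(pkt, with_snat):
    """Apply the post's PREROUTING DNAT and, optionally, its POSTROUTING SNAT."""
    if pkt.src != SQUID and pkt.dport == 80:        # -s ! squid-box --dport 80
        pkt = pkt._replace(dst=SQUID, dport=8080)   # -j DNAT --to squid-box:8080
    if with_snat and pkt.dst == SQUID:              # -d squid-box
        pkt = pkt._replace(src=FIREWALL)            # -j SNAT --to iptables-box
    return pkt


def trace(with_snat):
    """Follow one client SYN and Squid's reply; return what each end observes."""
    syn = Packet(CLIENT, 40000, WEB, 80)
    at_squid = firewall_nat(syn, with_snat)
    # Squid answers the source address it saw on the incoming packet.
    reply = Packet(at_squid.dst, at_squid.dport, at_squid.src, at_squid.sport)
    via_firewall = reply.dst == FIREWALL
    if via_firewall:
        # Connection tracking reverses both translations on the way back.
        reply = Packet(syn.dst, syn.dport, syn.src, syn.sport)
    # The client only accepts a reply from the address and port it connected to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return {"squid_sees": at_squid.src,
            "reply_via_firewall": via_firewall,
            "client_accepts": accepted}


if __name__ == "__main__":
    for snat in (False, True):
        print("with SNAT" if snat else "DNAT only", trace(snat))
```

With DNAT only, Squid sees the real client address but its reply bypasses the firewall and arrives from squid-box:8080, which the client does not match to its connection; with SNAT the reply is translated back, at the cost of every request appearing to come from the firewall.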