the easiest is to limit that to the interface facing your clients.
Another option is to add ACCEPT rules before that, accepting any traffic
you do not want to intercept, leaving those packets as-is..
fre 2008-07-11 klockan 13:39 -0400 skrev Brodsky, Jared S.:
> My iptables are configured like this.
>
> /sbin/iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j
> TPROXY --on-port 81
>
> I had a feeling I needed to address something w/ my iptables, however
> was not 100% sure how to configure that.
>
> Jared
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
> Sent: Friday, July 11, 2008 1:36 PM
> To: Brodsky, Jared S.
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] ACL for incoming requests w/ Transparent
> proxy
>
> On fre, 2008-07-11 at 10:54 -0400, Brodsky, Jared S. wrote:
> > I just rolled out my Squid box last night w/ Transparent proxying on
> > my network and everything is working great. However I have a few
> > servers (webmail, bug tracking) that need to be accessible to the
> > outside world, however every time someone attempts to access it, they
> > get the Squid access denied page.
>
> You should generally not intercept incoming requests, only outgoing..
>
> How is tne transparent interception set up? This needs to be addressed
> there, before the connection gets sent to Squid..
>
> Regards
> Henrik
Received on Fri Jul 11 2008 - 17:55:21 MDT
This archive was generated by hypermail 2.2.0 : Sat Jul 12 2008 - 12:00:04 MDT