I've tried that, but I can't get it to work...
----- SNAP SHOT ----
proxy:~# iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 62350 packets, 6493K bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 4027 packets, 234K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4080 packets, 237K bytes)
pkts bytes target prot opt in out source destination
proxy:~#
proxy:~# iptables -L -nv
Chain INPUT (policy ACCEPT 277K packets, 224M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.0.3 tcp dpt:3128 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 192.168.0.3 tcp dpt:3128 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- br0 * 0.0.0.0/0 192.168.0.3 tcp dpt:3128 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 486K packets, 446M bytes)
pkts bytes target prot opt in out source destination
proxy:~#
proxy:~# ifconfig
br0 Link encap:Ethernet HWaddr 00:0A:CD:05:FC:B0
inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:473550 errors:0 dropped:0 overruns:0 frame:0
TX packets:482768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:237718394 (226.7 MiB) TX bytes:451888868 (430.9 MiB)
eth1 Link encap:Ethernet HWaddr 00:0A:CD:05:FC:B0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2383224 errors:2 dropped:0 overruns:0 frame:0
TX packets:2752632 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2034950860 (1.8 GiB) TX bytes:1746988423 (1.6 GiB)
Interrupt:10 Base address:0xa000
eth2 Link encap:Ethernet HWaddr 00:0A:CD:05:FC:C3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1810454 errors:0 dropped:0 overruns:0 frame:0
TX packets:2681626 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1324209517 (1.2 GiB) TX bytes:1899689866 (1.7 GiB)
Interrupt:3 Base address:0xc000
proxy:~# lsmod
Module Size Used by Not tainted
nls_iso8859-1 2848 0 (autoclean)
ipt_mark 480 0 (unused)
ipt_mac 672 0 (unused)
ipt_MARK 736 0 (unused)
ipt_state 608 3 (autoclean)
iptable_filter 1728 1 (autoclean)
ipt_REDIRECT 736 2 (autoclean)
iptable_nat 13748 1 (autoclean) [ipt_REDIRECT]
ip_conntrack 14324 2 (autoclean) [ipt_state ipt_REDIRECT iptable_nat]
ip_tables 10944 9 [ipt_mark ipt_mac ipt_MARK ipt_state iptable_filter ipt_REDIRECT iptable_nat]
bridge 16972 1
proxy:~#
proxy:~# uname -a
Linux proxy 2.4.18 #3 SMP Thu Sep 11 16:03:20 CEST 2003 i686 unknown
proxy:~#
---- SNAP SHOT ----
As you can see I have tried this on all interfaces, but it doesn't lock on to any packets...
Have I missed something in the kernel?
Thanks
----- Original Message -----
From: "Gavin Hamill" <[EMAIL PROTECTED]>
To: "G?teborgs DataAkut - Fredrik Win?s" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2003 10:31 AM
Subject: Re: [Bridge] transparet squid cahce on a bridge box
> On Wed, Sep 24, 2003 at 10:05:37AM +0200, G?teborgs DataAkut - Fredrik Win?s wrote:
> > ifconfig br0 192.168.0.3/24
> >
> > I haven't found a straight answer on the internet how to make this machine do
> > a transparent webcache, I've searched the archives of this mailing list but
> > haven't found anything that works for me...
> >
> > can anyone tell me how it should be done?
>
> This information is pretty public, but here's how I do it:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> eth1 is the LAN side of the bridge, and the rule intercepts requests for external
> hosts on port 80, and redirects them to port 3128 on the bridge itself, where squid
> should be listening...
>
> Don't forget of course, that squid must have a real means by which to get Internet
> access, so here I would expect you have another machine on the network which will
> masquerade packets for br0 at 192.168.0.3...
> Cheers,
> Gavin.
>
>
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
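
Added example (not part of the original messages or of either poster's setup): a shell function that reads `iptables -L -nv` output and lists every rule whose packet counter is still 0, next to the policy counter of its chain, which is the check the snapshot above is read for by eye. The function names are hypothetical, and the sample listing is constructed from the snapshot's values, written one rule per line, plus one constructed rule with a non-zero counter.

```shell
#!/bin/sh
# Added example: report rules in `iptables -L -nv` output that have matched
# no packets, together with the policy counter of the chain they sit in.

# zero_hit_rules (hypothetical name): listing on stdin, one report line per
# rule whose pkts column is 0. Assumes one rule per line with the columns:
# pkts bytes target prot opt in out source destination [match details...]
zero_hit_rules() {
    awk '
        $1 == "Chain" {
            chain = $2
            # Built-in chains: "Chain X (policy ACCEPT 62350 packets, ...)".
            # User-defined chains have no policy counter.
            policy = ($3 == "(policy") ? $5 : "-"
            next
        }
        $1 == "0" && NF >= 9 {
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
            printf "%s policy_pkts=%s in=%s target=%s%s\n", chain, policy, $6, $3, extra
        }
    '
}

# Constructed sample: PREROUTING as in the snapshot, plus an INPUT rule with
# made-up non-zero counters so the filter has something to skip.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 62350 packets, 6493K bytes)
 pkts bytes target prot opt in out source destination
    0     0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    0     0 REDIRECT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain INPUT (policy ACCEPT 277K packets, 224M bytes)
 pkts bytes target prot opt in out source destination
   41  2460 ACCEPT tcp -- br0 * 0.0.0.0/0 192.168.0.3 tcp dpt:22
EOF
}

sample_listing | zero_hit_rules
```

On a live box the same function can be fed directly, for example `iptables -t nat -L -nv | zero_hit_rules`. A chain whose policy counter keeps rising while a rule in it stays at 0 is seeing traffic that the rule's match (interface, protocol, port) does not cover.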