This is strange...

I had my Linux box set up as a bridge with two LAN cards, that filtered out
all port 80 packets and sent them to squid to get a real transparent
webcache.
I shut the machine down, moved it from my test bench to the server room,
started it up and it worked just fine. I tested pulling the power cord from it
to see if it could start OK after that (using ext3 filesystem), and it
worked just fine.

Until today, when I checked the squid logs, and it wasn't logging anything...

So I tried to access squid directly, and it works just fine from any
web browser, but the REDIRECT doesn't work.

I tried iptables -t nat -L -nv and I saw that there had been packets going
through the REDIRECT table, then I used iptables -t nat -F and then added
the same rules again, but no new packets...

I tried to restart the machine, but it didn't do a thing... still no hits on
the REDIRECT...


proxy:~# uname -a
Linux proxy 2.4.22 #1 SMP Wed Sep 24 17:11:16 CEST 2003 i686 unknown

proxy:~# dmesg | grep -A1 Bridge
NET4: Ethernet Bridge 008 for NET4.0
Bridge firewalling registered
kjournald starting.  Commit interval 5 seconds

proxy:~# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 373 packets, 25762 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 149 packets, 12928 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 92 packets, 5628 bytes)
 pkts bytes target     prot opt in     out     source               destination


proxy:~# iptables -L -nv
Chain INPUT (policy ACCEPT 2332 packets, 656K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            192.168.0.3        tcp dpt:3128 state NEW,ESTABLISHED
  597  173K ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.0.3        tcp dpt:3128 state NEW,ESTABLISHED

Chain FORWARD (policy ACCEPT 128 packets, 13644 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3684 packets, 956K bytes)
 pkts bytes target     prot opt in     out     source               destination


proxy:~# cat /proc/sys/net/ipv4/ip_forward
1


ADSL modem<--->ROUTER SWITCH<--->[eth1]Linux[eth2]<--->SWITCH<--->USERS
                     |
                     --> USERS



_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
