hi jimmy and joel,
comments below
> > Joel Eusebio wrote:
> >
> > > I use ipchains to pipe all my clients http request to a proxy server
> > > (running squid)
> > > I placed something like this on my init scripts:
> > >
> > > ipchains -A input -p TCP -d 127.0.0.1 80 -j ACCEPT
> > > ipchains -A input -p TCP -d 192.168.0.0/27 -j ACCEPT
> > > ipchains -A input -p TCP -d 0/0 80 -j REDIRECT xxxx
if your box is only serving as a proxy server and not as a web server, then this is the
only ipchains rule needed to serve your transparent proxy:

ipchains -A input -p TCP -d 0/0 80 -j REDIRECT <port of your proxy server>

if your box serves as both proxy and web server, then the ipchains rules go in the
following order:

ipchains -A input -p TCP -d <localhost ip address> 80 -j ACCEPT
ipchains -A input -p TCP -d <server ip address> 80 -j ACCEPT
ipchains -A input -p TCP -d 0/0 80 -j REDIRECT <port of your proxy server>

don't forget to enable *ip forwarding* so that your box acts as a router
> ERRATA:
>
> Sorry for what I said a while ago, that was applicable only in BSD box. :(
>
> Source: <http://www.squid-cache.org/Doc/FAQ/FAQ-17.html>
>
> addresses. For Linux this seems to work automatically. For *BSD-based systems, you
> probably have to configure squid with the --enable-ipf-transparent option. (Do a
> make clean if you previously configured without that option, or the correct settings
> may not be present.)
>
on *BSD-based systems, enable this option if you are using the *ipf* program (OpenBSD
default firewall program) to hijack http packets, but if you are only using the *ipfw*
program (FreeBSD default firewall program), there is no need to enable this option.
fooler.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
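
Added example (not part of the original message or of ipchains itself): a small Python model of first-match rule evaluation over the rule order given in the reply, showing that putting REDIRECT ahead of the ACCEPT rules would send requests for the box's own web server to the proxy. The server address 192.168.0.1, the proxy port 3128, the test destination 203.0.113.10 and the ACCEPT chain policy are assumptions made for the demonstration.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Parse only the ipchains subset used in this thread:
    ipchains -A input -p TCP -d ADDR[/MASK] [PORT] -j TARGET [PORT]"""
    tok = shlex.split(line)
    d, j = tok.index("-d"), tok.index("-j")
    addr = "0.0.0.0/0" if tok[d + 1] == "0/0" else tok[d + 1]
    dport = int(tok[d + 2]) if d + 2 < j else None        # None = any port
    to_port = int(tok[j + 2]) if len(tok) > j + 2 else None
    return {"net": ipaddress.ip_network(addr), "dport": dport,
            "target": tok[j + 1], "to_port": to_port}

def verdict(rules, dst_ip, dst_port):
    """The first matching rule decides; otherwise the chain policy applies
    (assumed ACCEPT here)."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if ip in r["net"] and r["dport"] in (None, dst_port):
            return (r["target"], r["to_port"])
    return ("ACCEPT", None)

# Constructed values: server address 192.168.0.1, proxy port 3128.
ACCEPT_LOCAL = "ipchains -A input -p TCP -d 127.0.0.1 80 -j ACCEPT"
ACCEPT_SERVER = "ipchains -A input -p TCP -d 192.168.0.1 80 -j ACCEPT"
REDIRECT_ALL = "ipchains -A input -p TCP -d 0/0 80 -j REDIRECT 3128"

# Order from the reply: ACCEPT rules first, REDIRECT last.
ORDERED = [parse_rule(r) for r in (ACCEPT_LOCAL, ACCEPT_SERVER, REDIRECT_ALL)]
# Wrong order: REDIRECT first shadows both ACCEPT rules.
SHADOWED = [parse_rule(r) for r in (REDIRECT_ALL, ACCEPT_LOCAL, ACCEPT_SERVER)]

if __name__ == "__main__":
    probes = [("192.168.0.1", 80), ("127.0.0.1", 80),
              ("203.0.113.10", 80), ("203.0.113.10", 443)]
    for name, rules in (("ordered", ORDERED), ("shadowed", SHADOWED)):
        for dst, port in probes:
            print(name, dst, port, verdict(rules, dst, port))
```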