I have not. What does this command do???

Thanks
Shane

-----Original Message-----
From: Siew Wing Loon
To: Steven Bourque; [EMAIL PROTECTED]
Sent: 3/27/2003 5:03 PM
Subject: Re: [squid-users] Transparent Proxy, Bridged interfaces & SQUID

Hi,

Have you tried this:

iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Rgds,
Siew

--- Steven Bourque <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was hoping someone could help me:
>
> I have linux (debian) kernel 2.4.20 compiled with everything mentioned
> in the transparent proxy/squid HOWTO and iptables working properly:
>
> eth0 is connected to the LAN
> eth1 is connected to the WAN
>
> both are set up as a member of the bridge br0
> br0 has an IP address of 10.10.6.231/24 (part of our local IP's for
> monitoring and configuration)
>
> the Bridging is working, however, it will not grab the port 80 traffic:
>
> I have added the following as stated in the howto:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> iptables -A INPUT -i br0 -p tcp -d 10.10.6.231 -s 10.10.6.0/24 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> (so I can SSH to the box)
> iptables -A INPUT -i br0 -p tcp -d 10.10.6.231 -s 10.10.6.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> I have also tried the first iptables with -j DNAT --to 10.10.6.231:3128
>
> Neither table gets a hit when viewed with iptables -t nat -v -n -L or
> iptables -v -n -L
>
> Those are the only entries in the iptables, the SSH command does work.
> Squid is configured with the entries as noted in the HOWTO, otherwise
> they are defaults.
>
> Squid is version 2.5.STABLE1
>
> iptables -L -n -v -t nat
>
> Chain PREROUTING (policy ACCEPT 31 packets, 5420 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
>
> Chain POSTROUTING (policy ACCEPT)
> ...
> (empty)
> Chain OUTPUT (policy ACCPEPT)
> ...
> (empty)
>
> iptables -L -n -v
> Chain DROP (policy ACCEPT 136 packets, 16195 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  br0    *       0.0.0.0/0            10.10.6.231        tcp dpt:3128 state NEW,ESTABLISHED
>    14  1651 ACCEPT     tcp  --  br0    *       0.0.0.0/0            10.10.6.231        tcp dpt:22 state NEW,ESTABLISHED
> Chain FORWARD (policy ACCEPT)
> ...
> (empty)
> Chain OUTPUT (policy ACCEPT)
> ...
> (empty)
>
> We do not want any firewalling on this box, hence the defaults are all
> ACCEPT except the actual connections to the box, which has two accepts
> (SQUID and SSH)
>
> With this setup, I am able to surf the web, but it is bypassing SQUID.
> Everything is continuing to be bridged.
>
> I spent a few days reading everything I can about this.
>
> I found the program divert (I have divert enabled in my kernel) does
> that have anything to do with it?
>
> I tried it with divert on eth0 enable tcp add dst 80,
> that just seemed to kill my browsing as well as not hitting squid or the
> filters, although in a tcpdump -ne -i eth0 tcp dst port 80, I do see the
> MAC address change from that of my next hop router to the MAC of the
> eth0 (which should then get redirected by the iptables, shouldn't it?)
>
> any help would be much appreciated! :)
>
> Thanks
> --
>
> \Steven.
>
> /*
>                              | Steven R. Bourque, CCNA
>  /"\                         | Network Engineer
>  \ /  ASCII ribbon campaign  | Packet Works Inc.
>   X   against HTML email     | p:519.579.4507. f:519.579.8475.
>  / \                         | http://www.packetworks.net
>                              | PGP ID: 0x373AB23B
> *\
