Shane,

This command will redirect all traffic arriving on interface br0 with destination port 80 to your squid server.

Rgds,
Siew

--- "Blaser, Shane" <[EMAIL PROTECTED]> wrote:
> I have not,
>
> What does this command do ???
>
> Thanks
>
> Shane
>
> -----Original Message-----
> From: Siew Wing Loon
> To: Steven Bourque; [EMAIL PROTECTED]
> Sent: 3/27/2003 5:03 PM
> Subject: Re: [squid-users] Transparent Proxy, Bridged interfaces & SQUID
>
> Hi,
>
> Have you tried this:
>
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> Rgds,
> Siew
>
> --- Steven Bourque <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I was hoping someone could help me:
> >
> > I have linux (debian) kernel 2.4.20 compiled with everything mentioned
> > in the transparent proxy/squid HOWTO and iptables working properly:
> >
> > eth0 is connected to the LAN
> > eth1 is connected to the WAN
> >
> > both are set up as a member of the bridge br0
> > br0 has an IP address of 10.10.6.231/24 (part of our local IP's for
> > monitoring and configuration)
> >
> > the Bridging is working, however, it will not grab the port 80 traffic:
> >
> > I have added the following as stated in the howto:
> >
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> >
> > iptables -A INPUT -i br0 -p tcp -d 10.10.6.231 -s 10.10.6.0/24 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
> >
> > (so I can SSH to the box)
> > iptables -A INPUT -i br0 -p tcp -d 10.10.6.231 -s 10.10.6.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
> >
> > I have also tried the first iptables rule with -j DNAT --to 10.10.6.231:3128
> >
> > Neither table gets a hit when viewed with iptables -t nat -v -n -L or
> > iptables -v -n -L
> >
> > Those are the only entries in the iptables, the SSH command does work.
> > Squid is configured with the entries as noted in the HOWTO, otherwise
> > they are defaults.
> >
> > Squid is version 2.5.STABLE1
> >
> > iptables -L -n -v -t nat
> >
> > Chain PREROUTING (policy ACCEPT 31 packets, 5420 bytes)
> >  pkts bytes target     prot opt in     out     source        destination
> >     0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0     0.0.0.0/0      tcp dpt:80 redir ports 3128
> >
> > Chain POSTROUTING (policy ACCEPT)
> > ...
> > (empty)
> > Chain OUTPUT (policy ACCPEPT)
> > ...
> > (empty)
> >
> > iptables -L -n -v
> > Chain DROP (policy ACCEPT 136 packets, 16195 bytes)
> >  pkts bytes target     prot opt in     out     source        destination
> >     0     0 ACCEPT     tcp  --  br0    *       0.0.0.0/0     10.10.6.231    tcp dpt:3128 state NEW,ESTABLISHED
> >    14  1651 ACCEPT     tcp  --  br0    *       0.0.0.0/0     10.10.6.231    tcp dpt:22 state NEW,ESTABLISHED
> > Chain FORWARD (policy ACCEPT)
> > ...
> > (empty)
> > Chain OUTPUT (policy ACCEPT)
> > ...
> > (empty)
> >
> > We do not want any firewalling on this box, hence the defaults are all
> > ACCEPT except the actual connections to the box, which has two accepts
> > (SQUID and SSH)
> >
> > With this setup, I am able to surf the web, but it is bypassing SQUID.
> > Everything is continuing to be bridged.
> >
> > I spent a few days reading everything I can about this.
> >
> > I found the program divert (I have divert enabled in my kernel) does
> > that have anything to do with it?
> >
> > I tried it with divert on eth0 enable tcp add dst 80,
> > that just seemed to kill my browsing as well as not hitting squid or the
> > filters, although in a tcpdump -ne -i eth0 tcp dst port 80, I do see the
> > MAC address change from that of my next hop router to the MAC of the
> > eth0 (which should then get redirected by the iptables rule, shouldn't it?)
> >
> > any help would be much appreciated! :)
> >
> > Thanks
> > --
> >
> > \Steven.
> >
> > /*
> >                                 | Steven R. Bourque, CCNA
> >  /"\                            | Network Engineer
> >  \ /  ASCII ribbon campaign     | Packet Works Inc.
> >   X   against HTML email        | p:519.579.4507. f:519.579.8475.
> >  / \                            | http://www.packetworks.net
> >                                 | PGP ID: 0x373AB23B
> > *\
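
Added example, not part of the original thread: the diagnostic the thread relies on (a rule whose packet counter stays at 0 in `iptables -L -n -v`) written as a small filter that lists every idle rule with its chain and input interface. The function names and the sample listing are assumptions made for illustration; the eth0 row is taken from the output quoted above, and the br0 row with a non-zero counter is constructed only to give the filter a contrasting line.

```shell
#!/bin/sh
# Added example (not from the thread): report rules that have never matched a packet.
# Reads `iptables -L -n -v [-t nat]` output on stdin and prints one line per rule
# whose pkts counter is exactly 0: "CHAIN TARGET in=IFACE match-details".
zero_hit_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember which chain the rows belong to
        $1 == "pkts"  { next }               # skip the column header row
        NF >= 9 && $1 == "0" {               # a rule row whose pkts column is 0
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i   # match details after destination
            printf "%s %s in=%s%s\n", chain, $3, $6, extra
        }
    '
}

# Constructed sample listing (hypothetical helper). The eth0 row mirrors the nat
# table quoted in the thread; the br0 row and its counters are invented for contrast.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 31 packets, 5420 bytes)
 pkts bytes target     prot opt in     out     source        destination
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0     0.0.0.0/0      tcp dpt:80 redir ports 3128
   42  2520 REDIRECT   tcp  --  br0    *       0.0.0.0/0     0.0.0.0/0      tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source        destination
EOF
}

# On a live box (as root): iptables -t nat -L -n -v | zero_hit_rules
sample_nat_listing | zero_hit_rules
```

Counters are shown with K/M/G suffixes once they grow, so only a literal `0` in the first column is treated as "never matched".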
