Hi, I have a transparent proxy running pretty well and caching ok.

I'm not sure where to post, but since it is also a squid configuration issue, I'd try here. Currently, all outgoing port 80 calls are being routed (via iptables) to the squid box and then routed back through to the routing machine and out to the 'Net. That's ok if I want to limit destination domains/IPs or even browsers. But how do I restrict Src IPs?

As it stands, all the port 80 packets that are sent to the 'Net from the clients are DNATed to the Squid box and SNATed from the routing box. So if I have the following:

    acl No_131 src 192.168.10.131/32
    deny_info ERR_NO_ACCESS No_131
    http_access deny No_131

It won't work because all the packets that are going to the Squid box have source IPs of 192.168.10.3, which is my iptables machine.

Would anyone have any suitable solution to be able to restrict access to the 'Net using Squid? I believe I can also restrict net access via iptables, but I'd prefer not to fiddle with the iptables setup.

Any help appreciated.
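Added example, not part of the original post: a check over Squid's native access.log for the condition described above, where every request arrives from the NAT box (192.168.10.3), so a src ACL for 192.168.10.131/32 never matches. Both logs are constructed sample data, and the second one (client addresses preserved) is a hypothetical contrast case.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy type
NATTED_LOG = """\
1100000000.101 120 192.168.10.3 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1100000001.202 15 192.168.10.3 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1100000002.303 310 192.168.10.3 TCP_MISS/200 900 GET http://example.org/ - DIRECT/192.0.2.20 text/html
"""

# Hypothetical contrast: the same traffic if Squid saw the real client addresses.
PRESERVED_LOG = """\
1100000000.101 120 192.168.10.131 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1100000001.202 15 192.168.10.140 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1100000002.303 310 192.168.10.131 TCP_MISS/200 900 GET http://example.org/ - DIRECT/192.0.2.20 text/html
"""

def client_addresses(log_text):
    """Return the client (third) field of every parseable log line."""
    clients = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # truncated or blank line
        try:
            clients.append(ipaddress.ip_address(fields[2]))
        except ValueError:
            continue  # client field is not an IP address
    return clients

def src_acl_report(log_text, acl_cidr):
    """Summarise what a src ACL for acl_cidr could match in this log."""
    clients = client_addresses(log_text)
    net = ipaddress.ip_network(acl_cidr)
    counts = Counter(clients)
    return {
        "requests": len(clients),
        "distinct_sources": len(counts),
        "acl_matches": sum(1 for c in clients if c in net),
        # One source for many requests means src ACLs see only the NAT box.
        "single_source": len(counts) == 1 and len(clients) > 1,
    }

if __name__ == "__main__":
    for name, log in (("natted", NATTED_LOG), ("preserved", PRESERVED_LOG)):
        print(name, src_acl_report(log, "192.168.10.131/32"))
```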
