From: Matthew Tanase <[EMAIL PROTECTED]>
Reply-To: Matthew Tanase <[EMAIL PROTECTED]>
To: usman fool <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid transparent proxy and bridge question
Date: Wed, 24 Mar 2004 11:43:17 -0800 (PST)
A couple of things since my initial post. I verified the machine does indeed have DNS access (I can ping hosts), so that shouldn't be a problem. I had to use "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT squidbox:3128" to get Squid working, not sure why. Now, however, everything is denied with TCP_MISS 504/503 errors - is this an ACL problem or iptables?
Add one more thing:
iptables -t nat -I PREROUTING -p tcp --dport 80 -s ! squidbox -j DNAT --to squidbox:3128
OR
you need these 2 commands:
iptables -t nat -I PREROUTING -p tcp --dport 80 -s squidbox -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 80 -s yournetwork -j DNAT --to squidbox:3128
because maybe your squid traffic is again redirected to squid, if the squid gateway is the bridge.
Sketch your network diagram clearly. What's the gateway of squidbox? What's the gateway of the bridge? What's the gateway on the clients?
My other question - why the POSTROUTING - I already have the PREROUTING. And why isn't REDIRECT working? It's my understanding that DNAT is REDIRECT, but you have to specify a host...
Sorry, that was a mistake.
usman.
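
The redirect loop discussed in this thread can be checked on paper before touching the bridge. The following is an added example, not part of the original messages: a small Python model of first-match evaluation in the nat PREROUTING chain, which also models that -I with no rule number inserts at position 1. Assumptions: the addresses are constructed, squidbox sits inside "yournetwork", and Squid's outbound requests pass through the box that holds these rules.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
SQUIDBOX, LAN = "192.168.1.10", "192.168.1.0/24"
DNAT = "DNAT --to squidbox:3128"

def matches(rule, pkt):
    """Check --dport and -s / '-s !' against a packet (src, dport)."""
    if rule["dport"] != pkt["dport"]:
        return False
    if rule.get("src") is None:
        return True
    inside = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
    return inside != rule.get("negate", False)

def build(commands):
    """-A appends; -I with no rule number inserts at position 1."""
    chain = []
    for op, rule in commands:
        if op == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def prerouting(chain, pkt):
    """First matching rule decides; falling off the end means ACCEPT."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return "ACCEPT"

dnat_all = {"dport": 80, "target": DNAT}
dnat_not_squid = {"dport": 80, "src": SQUIDBOX, "negate": True, "target": DNAT}
accept_squid = {"dport": 80, "src": SQUIDBOX, "target": "ACCEPT"}
dnat_lan = {"dport": 80, "src": LAN, "target": DNAT}

CHAINS = {
    "no source match": build([("-A", dnat_all)]),
    "single rule with '-s ! squidbox'": build([("-I", dnat_not_squid)]),
    "two -I rules, ACCEPT typed first": build([("-I", accept_squid), ("-I", dnat_lan)]),
    "two -I rules, ACCEPT typed last": build([("-I", dnat_lan), ("-I", accept_squid)]),
}
client = {"src": "192.168.1.50", "dport": 80}
squid_fetch = {"src": SQUIDBOX, "dport": 80}  # Squid fetching from the origin server

def loops(chain):
    """True when Squid's own request is sent back to Squid."""
    return prerouting(chain, squid_fetch) == DNAT

if __name__ == "__main__":
    for name, chain in CHAINS.items():
        print(f"{name}: client={prerouting(chain, client)!r} loop={loops(chain)}")
```

Under these assumptions the two-command variant only breaks the loop when the ACCEPT rule ends up above the DNAT rule, so check the resulting order with "iptables -t nat -L PREROUTING -n --line-numbers".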
