Package: kernel-source-2.6.11
Version: 2.6.11-1

With <= 2.6.10, squid was working fine as a transparent proxy for
local connections, using the following NAT rules:

  -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
  -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
  -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128

With 2.6.11, this stopped working. However, now I wonder why it ever
worked in the first place.

I have squid set up to allow contact by localhost. However, when
talking to the outside, the source IP will not be 127.0.0.1. It
seems like 2.6.10 and below did some magic here, which does not work
anymore... (so maybe it is actually fixed now, but who knows...)

09:50 < dilinger> madduck: 2.6.11 is kind of shitty in general

So... news at 11, but I thought you might like to know. Here's how
to fix it (to be placed *after* any MASQUERADE rules):

  -A POSTROUTING -o world -p tcp --dport 80 -j rewrite-source-squid
  -A rewrite-source-squid -m owner --gid-owner 13 -j ACCEPT
  -A rewrite-source-squid -p tcp -j SNAT --to-source 127.0.0.1

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
 
"how do you feel about women's rights?"
"i like either side of them."
                                                       -- groucho marx
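
An added example, not part of the original mail: a small Python lint for the ordering both rule sets above rely on, namely that the `--gid-owner` ACCEPT comes before the REDIRECT or SNAT in its chain, so that the exempted group's own outbound requests are not rewritten. It assumes gid 13 is the group squid runs as and that rules are in `iptables-save` form; the function names and the misordered sample are constructed for illustration.

```python
import shlex

# The two user chains from the mail, in iptables-save form.
RULES_OK = """\
-A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
-A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
-A redirect-local-squid -p tcp -j REDIRECT --to-port 3128
-A POSTROUTING -o world -p tcp --dport 80 -j rewrite-source-squid
-A rewrite-source-squid -m owner --gid-owner 13 -j ACCEPT
-A rewrite-source-squid -p tcp -j SNAT --to-source 127.0.0.1
"""
# Constructed variant: exemption placed after the rewrite, so it never matches.
RULES_BAD = """\
-A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
-A redirect-local-squid -p tcp -j REDIRECT --to-port 3128
-A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
"""

REWRITING = {"REDIRECT", "SNAT", "DNAT"}  # targets that alter addresses


def opt(tok, name):
    """Value following option `name`, or None if the option is absent."""
    return tok[tok.index(name) + 1] if name in tok[:-1] else None


def parse(text):
    """Return {chain: [(target, owner_gid_or_None), ...]} in rule order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 2 or tok[0] != "-A":
            continue  # table headers, chain policies, COMMIT, blank lines
        chains.setdefault(tok[1], []).append(
            (opt(tok, "-j"), opt(tok, "--gid-owner")))
    return chains


def unexempted_rewrites(text, gid):
    """(chain, target) for each rewrite rule with no earlier ACCEPT for gid."""
    findings = []
    for chain, rules in parse(text).items():
        exempt = False
        for target, owner in rules:
            if target == "ACCEPT" and owner == gid:
                exempt = True  # simplification: other match options ignored
            elif target in REWRITING and not exempt:
                findings.append((chain, target))
    return findings
```

On a live system the input would be the output of `iptables-save -t nat`; an empty result means every rewriting rule has the exemption ahead of it.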
