On 01/21/10 21:49, Adam wrote:
http://www.linux.com/archive/articles/113733

Sorry my mistake, for the OUTPUT chain it makes sense as all those
packets are from squid.

The log should have a URL after the GET command, i.e.:

1264070023.044    103 192.168.1.12 TCP_MISS/200 33140 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_82561-82720.82561-82614.82615-82720: - DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk

Have you tried configuring the proxy in your browser to check that
squid's working? Once you've established that, you then know if you have
to fix the squid config or the iptables config.

Yes, the squid is working OK.
But I'm not sure if it is possible to accomplish what I want.

iptables and squid are running on a single box, so I want:
INCOMING access from the Internet is OPEN - I don't need or want to block anything,
as I have an external firewall.
OUTBOUND access to the Internet denied (except one or two domains) - so I think
squid is perfectly suitable for it, and it is working OK.
iptables I only wanted to use to forward to the squid proxy, so it doesn't matter what browser the user uses; everything will go via squid except access to localhost (127.0.0.1).

And this is the part I'm having a problem with: anything localhost (127.0.0.1)
does not go through squid.
All I have in iptables for now:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128

maybe it is not possible with single interface eth0

--
Joseph
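Added example (not from the thread): a nat OUTPUT rule set for the single-box case described above, where the loopback exception and the squid-owner exception are loaded before the REDIRECT so that they can match, and connections to 127.0.0.1 bypass the proxy while all other local port-80 traffic is redirected. The port 3128 and the user name squid are taken from the thread; the dry-run/apply split and the check_order helper are assumptions of this example.

```shell
#!/bin/sh
# Transparent redirect of locally generated HTTP traffic into squid running
# on the same host. Rule order in the nat OUTPUT chain matters: exceptions
# must come before the REDIRECT, otherwise the REDIRECT matches first.
SQUID_PORT="${SQUID_PORT:-3128}"
SQUID_USER="${SQUID_USER:-squid}"

# Print the rules in load order (dry run, nothing is applied here).
build_rules() {
    cat <<EOF
iptables -t nat -F OUTPUT
iptables -t nat -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $SQUID_USER -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}
# Rule 2: traffic to 127.0.0.0/8 (and to the box's own addresses) leaves on
# lo, so this keeps it out of squid, as the thread asked for.
# Rule 3: squid's own outbound fetches skip the redirect, avoiding a loop.
# Rule 4: every other local port-80 connection is redirected into squid.

# Succeed only if the loopback exception precedes the REDIRECT rule.
check_order() {
    lo_line=$(build_rules | grep -n -- '-o lo' | cut -d: -f1)
    redir_line=$(build_rules | grep -n -- '-j REDIRECT' | cut -d: -f1)
    [ -n "$lo_line" ] && [ -n "$redir_line" ] && [ "$lo_line" -lt "$redir_line" ]
}

# Apply the rules, but only on explicit request and only as root.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    build_rules | sh -e
}

if [ "${1:-}" = "--apply" ]; then
    check_order && apply_rules
else
    build_rules
fi
```

Run without arguments to review the rules; run with --apply as root to load them.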
