On 8/25/10 12:18 PM, Shawn Wright wrote:

> 
> Yes, but it confirms the proxy can access external sites. I think the
> only way I can confirm transparent proxy without iptables is to place
> the squid box into a router role for the client.  I could do this, but
> the ultimate goal is to use WCCP2, so I do need to get
> iptables/shorewall working.

I frankly don't believe that iptables/Shorewall has anything to do
with your problem.

> I don't wish to place the proxy load on our
> firewall, as there are 600 users on a 1Gb pipe, so the traffic is
> significant.
> 
> Squid is returning this: "Accepting transparently proxied HTTP
> connections at 0.0.0.0, port 3128, FD 16." , so it appears to be set
> correctly. There are no hits in the squid access log for the transparent
> client.
> 
> tcpdump on the shorewall/squid box now shows this, and I am not quite
> sure why I don't see the rejections, but the packets still don't reach
> squid on port 3128. I am clearly missing some critical piece, but I
> don't know where to look.
> 
> 11:57:46.823061 IP 10.3.5.23.2374 > 136.1.241.33.80: S
> 1396530295:1396530295(0) win 65535 <mss 1460,nop,nop,sackOK>
> 11:57:46.823117 IP 136.1.241.33.80 > 10.3.5.23.2374: S
> 146074113:146074113(0) ack 1396530296 win 5840 <mss 1460,nop,nop,sackOK>
> 

Squid is accepting the connection.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
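
The capture quoted above shows a SYN followed by a SYN/ACK whose ack number is the client's sequence number plus one. As an added example (not part of the original message), this Python script does that pairing over tcpdump text in the format shown; the function names are hypothetical and the regular expression assumes that older tcpdump output format.

```python
import re

# Capture lines as quoted in the message above (mail quoting and wrapping kept).
CAPTURE = """\
> 11:57:46.823061 IP 10.3.5.23.2374 > 136.1.241.33.80: S
> 1396530295:1396530295(0) win 65535 <mss 1460,nop,nop,sackOK>
> 11:57:46.823117 IP 136.1.241.33.80 > 10.3.5.23.2374: S
> 146074113:146074113(0) ack 1396530296 win 5840 <mss 1460,nop,nop,sackOK>
"""

PKT = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def unwrap(text):
    """Strip '> ' mail quoting and rejoin records wrapped across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        # A new record starts with a timestamp; anything else continues the last one.
        if re.match(r"\d{2}:\d{2}:\d{2}\.\d+ ", line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(text):
    """Return one dict per TCP packet line, with seq/ack as integers."""
    pkts = []
    for m in map(PKT.match, unwrap(text)):
        if m:
            pkts.append({**m.groupdict(), "seq": int(m["seq"]),
                         "ack": int(m["ack"]) if m["ack"] else None})
    return pkts

def match_handshakes(pkts):
    """Pair each bare SYN with a SYN/ACK on the reversed address pair."""
    pending, answered = {}, []
    for p in pkts:
        key = (p["src"], p["dst"])
        if p["flags"] == "S" and p["ack"] is None:      # bare SYN
            pending[key] = p
        elif p["flags"] == "S":                         # SYN/ACK in this format
            syn = pending.get(key[::-1])
            if syn and p["ack"] == (syn["seq"] + 1) % 2**32:
                answered.append((pending.pop(key[::-1]), p))
    return answered, list(pending.values())
```

`match_handshakes(parse(CAPTURE))` returns the answered pairs first and any SYNs that saw no reply in the capture second.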

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users