A couple of things since my initial post. I verified the machines do indeed have DNS access (I can ping hosts), so that shouldn't be a problem. I had to use "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT squidbox:3128" to get Squid working, not sure why. Now, however, everything is denied with TCP_MISS 504/503 errors - is this an ACL problem or iptables?

My other question - why the POSTROUTING - I already have the PREROUTING. And why isn't REDIRECT working? It's my understanding that DNAT is REDIRECT, but you have to specify a host...

Thanks

mt

-----Original Message from usman fool <[EMAIL PROTECTED]>-----

keep 3 things in mind
1. the clients' gateway must be the ip on which squid is listening (your bridge ip)
2. the clients must have access to a dns server which can resolve any query (which is not needed in manual proxy)
3. ip forwarding is enabled and those 4 httpd_accel options in squid.conf.

u need only 1 command

    iptables -t nat -A POSTROUTING -p tcp --dport 80 -s xxxxxx -j REDIRECT --to-port xxxx

now verify through "iptables -t nat -vnL" and "access.log" if any packets are redirected.

>From: Matthew Tanase <[EMAIL PROTECTED]>
>Reply-To: Matthew Tanase <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [squid-users] Squid transparent proxy and bridge question
>Date: Tue, 23 Mar 2004 12:47:54 -0800 (PST)
>
>Hello
>
>I have set up Mandrake Linux 10.0 as a bridge. I have confirmed the
>interfaces (eth0 and eth1) are acting as a bridge. I have installed Squid
>on this device and would like it to act as a forced, transparent proxy. So
>I am redirecting requests coming into the bridge to port 3128, which squid
>is running on. I have followed the instructions from the Mini-How to (Linux
>+ Squid + Transparent Proxy) and included both iptables commands (the
>PREROUTING with REDIRECT to 3128), but Squid does not seem to process the
>requests. No entries in the access.out file. I have found one message on
>the list with a similar problem last year, but it was not resolved.
>
>So can anyone point me in the right direction? Bridge is working, squid is
>running, you can surf the web from a device connected to the bridge/proxy,
>but Squid is not processing the requests. Thanks.
>
>[EMAIL PROTECTED]
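
The check suggested in the thread (read the counters in "iptables -t nat -vnL" to see whether any packets hit the port-80 rule) can be scripted. The following is an added example, not part of any message in this thread; the function names and the sample listing, including the 192.0.2.10 address, are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise port-80 NAT rules from `iptables -t nat -vnL` output.

# Constructed sample listing (not captured from a real host).
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 412 packets, 25811 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
  12K  731K DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.0.2.10:3128

Chain POSTROUTING (policy ACCEPT 97 packets, 5820 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 97 packets, 5820 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Reads a listing on stdin; prints "<chain> <target> <pkts> <HIT|IDLE>" for
# each REDIRECT or DNAT rule that matches TCP destination port 80.
port80_nat_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        ($3 == "REDIRECT" || $3 == "DNAT") && $4 == "tcp" && /dpt:80( |$)/ {
            # pkts may carry a K/M/G suffix, so compare it as a string.
            state = ($1 == "0") ? "IDLE" : "HIT"
            print chain, $3, $1, state
        }
    '
}

# Exit status 0 only if at least one port-80 NAT rule has matched packets.
port80_nat_active() {
    port80_nat_rules | grep -q ' HIT$'
}

# Demo on the constructed sample; on a live box use:
#   iptables -t nat -vnL | port80_nat_rules
sample_nat_listing | port80_nat_rules
```

An IDLE rule means no packet has matched it since the counters were last reset, which is consistent with an empty Squid access log.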