Mornin'
Here we have a network setup similar to the following:
| Internet | ---- (eth1) | Firewall | ---- (eth2) [DMZ]
                              |
                              | (eth3)
                           | LAN |
We currently have a box sitting in the DMZ that we would like to act as
a transparent proxy. Our firewall is currently running Debian 3.0, with
kernel version 2.4.20-rc1-ac4 and iptables version v1.2.6a.
On the firewall we have run the following rules (from the transparent
proxy howto):
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s x.x.x.13
iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -p tcp --dport 80
ip rule add fwmark 2 table 2
ip route add default via x.x.x.13 dev eth2 table 2
The rules load just fine on the firewall; however, traffic on port 80
comes to a halt, i.e. the best firewall of all time.
On the squid box, x.x.x.13, we are running squid on port 80, bound to
x.x.x.13. We are running Squid Cache: Version 2.5.STABLE1 on the squid
box.
If you sniff the traffic on the firewall, you see the traffic arrive on
the LAN interface, but it never leaves on the DMZ interface.
Anyone have any ideas or suggestions?
Thanks,
--
Jonathan Kline
Milwaukee School of Engineering
klinej@msoe.edu
PGP Key fingerprint = 8923 7266 CC84 6D39 6AEA 2313 4241 7851 068E BD2A
PGP Key ID = 068EBD2A

Received on Tue Dec 03 2002 - 08:39:26 MST
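Added illustration, not part of the original message: a simplified Python model of how the four commands quoted above classify a packet (mangle PREROUTING first, then the fwmark policy rule). It is a model, not netfilter; x.x.x.13 is the redacted proxy address as written in the post, and every other address is constructed.

```python
from dataclasses import dataclass
from typing import Optional

PROXY = "x.x.x.13"  # redacted proxy address, exactly as it appears in the post


@dataclass(frozen=True)
class Packet:
    iif: str    # interface the packet arrived on at the firewall
    src: str    # source address
    proto: str  # "tcp", "udp", ...
    dport: int  # destination port


def mangle_prerouting(pkt: Packet) -> Optional[int]:
    """Walk the two mangle PREROUTING rules in order; return the fwmark, if any."""
    # Rule 1: -j ACCEPT -p tcp --dport 80 -s x.x.x.13
    # ACCEPT stops traversal, so the proxy's own outbound requests stay unmarked.
    if pkt.proto == "tcp" and pkt.dport == 80 and pkt.src == PROXY:
        return None
    # Rule 2: -j MARK --set-mark 2 -p tcp --dport 80
    # There is no -i or -s match, so the ingress interface plays no part here.
    if pkt.proto == "tcp" and pkt.dport == 80:
        return 2
    return None


def routing_decision(mark: Optional[int]) -> str:
    """Model 'ip rule add fwmark 2 table 2' and the default route in table 2."""
    if mark == 2:
        return f"table 2: default via {PROXY} dev eth2"
    return "table main"


def trace(pkt: Packet) -> str:
    return routing_decision(mangle_prerouting(pkt))


# Constructed sample packets; only PROXY comes from the post.
SAMPLES = {
    "LAN client, HTTP": Packet("eth3", "192.0.2.10", "tcp", 80),
    "proxy fetching origin, HTTP": Packet("eth2", PROXY, "tcp", 80),
    "Internet host, HTTP": Packet("eth1", "198.51.100.7", "tcp", 80),
    "LAN client, HTTPS": Packet("eth3", "192.0.2.10", "tcp", 443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:30} -> {trace(pkt)}")
```

In this model a TCP port 80 packet arriving on eth1 is marked and sent to table 2 just like one arriving on eth3, because neither mangle rule restricts the ingress interface.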