Teber Özceyhan wrote:
> hi all,
>
> I've FC8 Box running as firewall-proxy.
> this is my first try to run this kind of box. But there is some
> problems. iptables have simply 2 basic sentence.
> but Transparent proxy doesn't work
>
> iptables 1.3.8
> iptables -X
> iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
> --toports 3128
>
> my box has two ethernet eth1 to LAN eth0 to INTERNET
>
> in Squid conf (Squid 2.6 STABLE 17-1.fc8)
> http_port localhost:3128 transparent
> always_direct allow all
>
>
> squid an iptables works i think.
> when a client in LAN side connect to internet with transparent proxy
> there is an error. (ERROR The requested URL could not be retrieved )
>
> if the proxy is declared manually there is no problem
>
> what may be the problem.
>
Remove the 'localhost' part of the http_port config line.
The iptables documentation describing "to a local port" does NOT mean a
localhost(127.0.0.1) port.
Amos
-- Please use Squid 2.6STABLE17+ or 3.0STABLE1+ There are serious security advisories out on all earlier releases.Received on Fri Feb 01 2008 - 05:28:38 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:04 MST