Re: [SQU] Transparent Proxying Doesn't Work!!!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 28 Aug 2000 10:08:23 +0200

dhbae@kneo.com wrote:

> /sbin/ipchains -A input -s 200.0.0.0/24 -p tcp -d 200.0.0.1 80 -j REDIRECT 8080
>
> I am running squid on port 8080 in machine 200.0.0.1

The above rule does only redirect connections which have a destination
ip of 200.0.0.1. Quite likely the opposite of what you want there.

I would recommend
/sbin/ipchains -A input 200.0.0.0/24 -p tcp -d 200.0.0.1 -j ACCEPT
/sbin/ipchains -A input 200.0.0.0/24 -p tcp -d 0.0.0.0/0 80 -j REDIRECT
80

Also I find it easier and probably more secure to build input/output
rules based on the interface rather than source IP addresses. Source
IP's can easily be spoofed, and tend to change when the organization
grows.

--
Henrik Nordstrom
Squid Hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Mon Aug 28 2000 - 02:10:15 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:06 MST