Joel Gerber wrote:
>
> It seems as if my transparent caching setup for squid under Linux
> 2.4.0-test9 is doing some weird and wonderful things. I've been
> debugging my configuration a bit, and I'm pretty positive that my
> netfilter rules are fine. The various netfilter rules I tried are
> below:
>
> iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -A OUTPUT -t nat -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 80 -j DNAT --to my.ip.address.num:3128

You SHOULD use a REDIRECT rule, not a DNAT one. The two are quite
different, and not all clients will work fine if you use the DNAT
method.

And you should also do it in the FORWARD chain, NOT the OUTPUT chain.
The rule should be applied to any traffic forwarded to the box, but not
to traffic originating from the box (i.e. initiated by the proxy).

--
Henrik Nordstrom
Squid hacker

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Wed Nov 01 2000 - 14:28:57 MST