Hello,

I am trying to make squid work as a transparent proxy via my NAT box
at home, to my webserver on the LAN behind the NAT box. I am
following the HOW-TO at:

http://www.tldp.org/HOWTO/mini/TransparentProxy.html

My NAT box is a 2.2 kernel (Mandrake 7.1, eth1 == 10.10.10.1) running
squid-2.3.STABLE4-3mdk and my webserver is a 2.4 kernel (Mandrake 8.2,
10.10.10.2) running Apache. Squid is running on port 80 and so is
Apache.

Here is the output of "iptables -t nat -L" on the 2.4 box
(trantor.crystalcave.net == 10.10.10.1):

Chain PREROUTING (policy ACCEPT)
target     prot opt source                    destination
DNAT       tcp  --  !trantor.crystalcave.net  anywhere            tcp dpt:http to:10.10.10.1:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source                    destination
SNAT       all  --  10.0.0.0/8                trantor.crystalcave.netto:10.10.10.2

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination

When I try to hit squid from outside my LAN, I get an "ERROR the
requested URL could not be retrieved" and "Access Denied" in bold text
displayed, and the squid log file shows:

1019246699.218 86 206.11.112.251 TCP_MISS/403 1067 GET http://www.crystalcave.net/ - DIRECT/www.crystalcave.net text/html

The request never reaches the internal web server, of course.

The only changes I made to squid.conf are:

http_port 80
httpd_accel_host 10.10.10.2
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I tried using "virtual" for the httpd_accel_host as the HOW-TO
suggests, but that didn't help.

Any ideas?

Thanks!
Eric Hendrickson
Received on Fri Apr 19 2002 - 14:21:15 MDT
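
Added example (not part of the original post, and not Squid project code): a small Python parser for Squid's native access.log format, run over the log line quoted in the message, that reports which upstream host Squid contacted and compares it with the intended backend. The function names and the second, constructed log line are assumptions for illustration; 10.10.10.2 is the httpd_accel_host value from the post.

```python
import re
from datetime import datetime, timezone

# Squid native access.log fields, in order:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

PAGE_LINE = ("1019246699.218 86 206.11.112.251 TCP_MISS/403 1067 GET "
             "http://www.crystalcave.net/ - DIRECT/www.crystalcave.net text/html")
# Constructed sample (not from the post): a request refused by Squid itself.
DENIED_LINE = ("1019246700.000 2 192.0.2.10 TCP_DENIED/403 1050 GET "
               "http://example.invalid/ - NONE/- -")
BACKEND = "10.10.10.2"  # httpd_accel_host from the post

def parse_line(line):
    """Return a dict of fields, or None if the line is not in native format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
    for key in ("elapsed_ms", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec

def triage(rec, backend):
    """Say where the response came from and whether the backend was used."""
    notes = []
    if rec["code"] == "TCP_DENIED":
        notes.append("refused by Squid's own access controls")
    elif rec["hier"] == "NONE":
        notes.append("answered by Squid without contacting any server")
    else:
        notes.append(f"forwarded {rec['hier']} to {rec['peer']}")
        if rec["peer"] != backend:
            notes.append(f"peer is not the expected backend {backend}")
    if rec["status"] >= 400:
        notes.append(f"client received HTTP {rec['status']}")
    return notes

if __name__ == "__main__":
    for raw in (PAGE_LINE, DENIED_LINE):
        rec = parse_line(raw)
        print(rec["time"].isoformat(), rec["client"], "; ".join(triage(rec, BACKEND)))
```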