Re: [squid-users] Transparent Proxy & IPTables

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 15 May 2002 17:22:35 +0200

It will work if you make the Squid server route the traffic back to the
firewall.

Most easily this is done by having the proxy on another interface than your
clients (possibly a virtual one), but you can also do so by some clever
routing.

Regards
Henrik

Tiago Fioreze wrote:
> Thanks Henrik !!!
>
> I understood your explanation. I will go and find
> another solution for my problem. Although the
> transparent proxy works after adding the three
> previous (iptables) rules, this isn't the perfect
> solution for my problem.
>
> Regards,
>
> Tiago Fioreze
>
> ********************************************
> * Network Administrator *
> * *
> * Núcleo de Ciência da Computação *
> * Universidade Federal de Santa Maria *
> * Santa Maria - Rio Grande do Sul - Brasil *
> ********************************************
>
> Quoting Henrik Nordstrom <hno@marasystems.com>:
> > Right.. so it should.
> >
> > Your Squid server does not know the connection was DNAT:ed, and routes the
> > response directly back to your client machine, who knows nothing about
> > this connection as your client machine tried to talk to some server on the
> > Internet, not your Squid..
> >
> > Regards
> > Henrik
> >
> > Tiago Fioreze wrote:
> > > tcpdump: listening on eth0
> > > 11:19:44.840765 arp who-has my_squid_server tell my_firewall
> > > 11:19:44.841455 my_squid_server.webcache > myhost.34414: S
> > > 2554006259:2554006259(0) ack 2117538155 win 17520 <mss 1460>
> > > 11:19:44.841554 myhost.34414 > my_squid_server.webcache: R
> > > 2117538155:2117538155(0) win 0 (DF)
Received on Wed May 15 2002 - 09:22:39 MDT
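
An added example, not part of the original thread or of Squid: a small Python model of the failure Henrik describes (the SYN-ACK arrives from the Squid address, so the client resets it) and of his fix (the reply passes back through the firewall, which undoes the DNAT). The IP addresses, the port-80 interception rule and all class and function names are assumptions; client port 34414 and Squid port 8080 (`webcache`) follow the tcpdump output above.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")

# Constructed addresses (assumptions, not taken from the thread).
CLIENT, SQUID, WEB = "192.168.1.10", "192.168.1.2", "203.0.113.80"
SQUID_PORT = 8080  # "webcache" in the tcpdump output


class Firewall:
    """Minimal model of DNAT with connection tracking on the firewall."""

    def __init__(self):
        self.conntrack = {}  # (client ip, client port) -> original (dst, dport)

    def forward(self, pkt):
        # Interception rule (assumed): redirect client HTTP traffic to Squid.
        if pkt.dport == 80 and pkt.src != SQUID:
            self.conntrack[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
            return pkt._replace(dst=SQUID, dport=SQUID_PORT)
        return pkt

    def reverse(self, pkt):
        # A reply crossing the firewall gets its original source restored.
        orig = self.conntrack.get((pkt.dst, pkt.dport))
        return pkt._replace(src=orig[0], sport=orig[1]) if orig else pkt


def client_receive(open_conns, pkt):
    """Client TCP stack: a segment that matches no open socket is reset."""
    key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return "ACK" if key in open_conns else "RST"


def handshake(reply_via_firewall):
    """Return the client's answer to the SYN-ACK for the chosen reply path."""
    fw = Firewall()
    syn = Pkt(CLIENT, 34414, WEB, 80, "S")
    open_conns = {(syn.src, syn.sport, syn.dst, syn.dport)}
    at_squid = fw.forward(syn)  # source address is still the client
    synack = Pkt(at_squid.dst, at_squid.dport, at_squid.src, at_squid.sport, "SA")
    if reply_via_firewall:      # Squid routes the reply back to the firewall
        synack = fw.reverse(synack)
    return client_receive(open_conns, synack)


if __name__ == "__main__":
    print("Squid replies directly to client:", handshake(False))
    print("Squid replies via the firewall:  ", handshake(True))
```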

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:08 MST