Yes, it works! Thanks for all of you who help on this issue. Actually, it's
a packet filtering stuff instead of squid stuff :)
Wilson
----- Original Message -----
From: "Francisco Obispo" <fobispo@nic.ve>
To: "Wilson Mak" <wilson.mak@digitalview.com>
Cc: "Brian Leung" <brianlk@pacific.net.hk>; <squid-users@squid-cache.org>
Sent: Monday, July 22, 2002 10:05 PM
Subject: Re: [squid-users] Transparent Proxy on the Gateway Box
> Hi..
>
> you have to include a chain in the input...
>
> ipchains -A input -s any/0 -d localhost 80 -j ACCEPT
> ipchains -A input -s any/0 -d webserver 80 -j ACCEPT
>
> this way, packets with destination localhost on port 80 won't be
> redirected to
> the cache...
>
> -francisco
>
>
>
> Wilson Mak wrote:
>
> >Hi Brain,
> >
> >Yes, I did.
> >cat /proc/sys/net/ipv4/ip_forward -> 1
> >
> >Wilson
> >
> >----- Original Message -----
> >From: "Brian Leung" <brianlk@pacific.net.hk>
> >To: "Wilson Mak" <wilson.mak@digitalview.com>
> >Cc: <squid-users@squid-cache.org>
> >Sent: Monday, July 22, 2002 2:29 PM
> >Subject: Re: [squid-users] Transparent Proxy on the Gateway Box
> >
> >
> >>hi,
> >>did u enable ip forwarding on the proxy?
> >>
> >>Regards,
> >>Brian Leung
> >>System Engineer
> >>Pacific Supernet
> >>
> >>On Mon, 22 Jul 2002, Wilson Mak wrote:
> >>
> >>>Dear all,
> >>>
> >>>I have set up a transparent proxy server on the gateway machine -
> >>>
> >10.1.0.1
> >
> >>>(default gateway to all the internal users), the config is as follows:
> >>>
> >>>OS: RedHat 6.2
> >>>Cache Server: Squid/2.4.STABLE6
> >>>Port redirection: ipchains -A input TCP -s 10.1.0.0/24 -d 0/0 80 -j
> >>>
> >REDIRECT
> >
> >>>3128
> >>>Using Internal DNS server
> >>>
> >>>Squid.conf (Access Control):
> >>>acl localhost src 127.0.0.1/255.255.255.255
> >>>acl localnetwork src 10.1.0.0/255.255.255.0
> >>>.....
> >>>
> >>>http_access allow localhost
> >>>http_access allow localnetwork
> >>>http_access deny all
> >>>
> >>>All the internal usres can access the Internal and internal web servers
> >>>except the one on the gateway machine. When accessing the web server on
> >>>
> >the
> >
> >>>gateway machine (http://10.1.0.1), it always gives an error "The
> >>>
> >requested
> >
> >>>URL
> >>>could not be retrieved. The following error was encountered: Access
> >>>
> >Denied.
> >
> >>>Acess control configuration prevents you request from being allowed at
> >>>
> >this
> >
> >>>time"
> >>>(P.S The internal DNS can resolve this IP)
> >>>
> >>>Can someone help?
> >>>
> >>>Thanks in advance,
> >>>
> >>>Wilson
> >>>
> >>>
> >>
> >>
> >
> >
> >
>
>
>
>
>
Received on Mon Jul 22 2002 - 21:14:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:19 MST