Hi!
I have a problem with the transparent proxy feature using squid and the linux
iproute utility - I want to remove squid from my main router - solution
taken from the LARTC howto.
The problem is that packets marked by iptables are not routed to the
destination squid machine - I know that marking is working because the
counters in iptables are bigger.
My way:
- compiled kernel with required option - ADVANCED ROUTER etc.
- iptables compiled with new kernel
- required options to iptables:
PREROUTING -s 10.10.32.61 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
- table to rt_tables:
echo 202 www.out >> /etc/iproute2/rt_tables
- ip rule command:
ip rule add fwmark 2 table www.out
- ip route command (squid machine is in a different network than router)
ip route add default via 10.10.21.2 via 10.10.20.1 dev eth0 table www.out
- iptables on squid (I can't see any regular traffic coming to port 80
with tcpdump - there is no "port forwarding" and the counters are not
changing):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Everything was set up like in the LARTC howto.
Conf: kernel 2.4.22, iptables 1.2.8a, iproute2 2.4.7 (rpm rh9).
greetz
boka
Received on Sun Sep 21 2003 - 15:24:06 MDT
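
Added example, not part of the original post: a shell helper that checks the three stages the post sets up on the router (MARK rule counters, the fwmark rule, the default route in table www.out) to show at which stage marked packets stop. The function names, the sample output and the gateway 192.0.2.1 are constructed; it assumes the MARK rule sits in the mangle table, as in the LARTC howto.

```shell
#!/bin/sh
# Added example (not from the original post). Each function reads command
# output on stdin, so it works on live output or on a saved copy.

# Total packets matched by MARK rules that set mark $1 (as iptables prints it).
# Live: iptables -t mangle -L PREROUTING -v -n -x | mark_rule_packets 0x2
mark_rule_packets() {
    awk -v m="$1" '$3 == "MARK" && ($NF "") == (m "") { n += $1 } END { print n + 0 }'
}

# Succeed if a rule sends fwmark $1 to table $2 (accepts "2" and "0x2" renderings).
# Live: ip rule show | has_fwmark_rule 2 www.out
has_fwmark_rule() {
    hex=$(printf '0x%x' "$1"); dec=$(printf '%d' "$1")
    grep -Eq "fwmark +($hex|$dec)(/0x[0-9a-f]+)? +lookup +$2( |\$)"
}

# Print the gateway of the table's default route; fail if the table has none.
# Live: ip route show table www.out | default_gateway
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; found = 1 } END { exit !found }'
}

# Constructed sample output (not captured from the poster's machines).
SAMPLE_MANGLE='Chain PREROUTING (policy ACCEPT 900 packets, 81000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 MARK       tcp  --  eth0   *       10.10.32.61          0.0.0.0/0          tcp dpt:80 MARK set 0x2'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x2 lookup www.out
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='default via 192.0.2.1 dev eth0'

echo "marked packets: $(printf '%s\n' "$SAMPLE_MANGLE" | mark_rule_packets 0x2)"
printf '%s\n' "$SAMPLE_RULES" | has_fwmark_rule 2 www.out && echo "fwmark rule: present"
echo "table gateway: $(printf '%s\n' "$SAMPLE_TABLE" | default_gateway)"
```

If all three checks pass on the router and tcpdump on the squid box still shows nothing on port 80, the packets are being lost after the routing decision rather than at the marking stage.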
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:59 MST