Hello Guys,
I'm actually running several linux boxes with squid and transparent
proxying. It works just perfectly.
ipchains and iptables rules I use are:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport www -j
REDIRECT --to-port 8080
ipchains -A input -p TCP -i eth0 -d 0/0 www -j REDIRECT 8080
As I said, works just perfectly.
I've also transparent redirected, with the same rules, packets
outgoing on port 8080 to local port 8080. Doing this, I was disabling my
internal users to configure their browsers for using an external proxy,
thus overcoming my navigation rules. NAT on port 8080 IS disabled, but
I'd like their browsers to work with this configuration but using my
local proxy, even they've configured an external one. Works just
perfectly too. Did the same on 3128 and works fine.
Altough, I've found some webpages that have some links to
http://something:8080/blabla/bla.html. In this situation, as you can
imagine, the page is NOT showing. It returns a 404 error, that means,
page not found.
But, watching the logs, I could notice that the file trying to be
accessed is http://something/blabla/bla.html ( note the :8080 is not
present here ). I can imagine this is being done by the httpd_accel_port
that is 80.
I've tried to change it to 8080. Great, the :8080 page works, but
all the others ( :80 ) stop working, and squid is trying to get them as
:8080/path/file.htm ...
At this moment, on the computers that need to access those pages,
I'm configuring the Proxy on their browsers. This seems to solve the
problem, as Transparent Proxy is not used anymore.
Question is: Is is possible to configure Squid to get all these
working together ? I mean ..... 8080 being redirected to squid and squid
treat them right, no matter it's proxy 8080 or webserver 8080 ??
Squid Version: 2.4.S3 compiled from tarball
with --enable-linux-netfilter
Linux Red Hat 7.1 with kernel 2.4.17 and 2.2.20
iptables v1.2.4
ipchains v1.3.10
( note I'm booting a real 2.2.20 kernel to test ipchains, and not
2.4 with ipchains compatibility module )
Sincerily,
Leonardo Rodrigues
Persocom Network
Received on Mon Jan 07 2002 - 09:38:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST