Re: [squid-users] Question on transparent proxy with web server behind proxy.

From: Pieter De Wit <pieter_at_insync.za.net>
Date: Wed, 26 Jan 2011 06:48:11 +1300

Hi Ben,

There sure is :)

Change the IP Tables rule at the bottom to something like this:

/sbin/iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 3128

Replace the 192.168 with your network. Keep in mind that you can have
multiples of these :)

In a nutshell, IP Tables was making each request (even from the outside
world) go via Squid.

The other solution is to process those via squid, which will take some
load off the web servers.

Cheers,

Pieter

On 26/01/2011 06:43, Ben Greear wrote:
> Hello!
>
> We have a squid + bridge + transparent proxy working pretty
> well. It seems to be properly caching and dealing with data
> when requests are coming from behind the bridge to the outside
> world.
>
> But, there are some web servers behind the bridge that should
> be accessible to the outside world. When the outside attempts
> to access them, squid is attempting to cache those requests
> as well.
>
> Is there any way to just have squid handle traffic originating
> on the inside?
>
> We're using firewall rules like this:
>
> /sbin/ebtables -t broute -A BROUTING -i br0 -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> /sbin/iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> Thanks,
> Ben
>
Received on Tue Jan 25 2011 - 17:48:28 MST
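
Added example, not part of the original thread: a POSIX sh helper that prints one source-restricted REDIRECT rule per internal subnet, following the reply's remark that there can be several such rules. The function names, the second subnet and the rejection of a /0 source are assumptions of this example; br0, port 80 and port 3128 are the thread's values.

```sh
#!/bin/sh
# Added example (not from the thread): print one source-restricted REDIRECT
# rule per internal subnet so only inside clients are sent to Squid.
# br0 and 3128 are the thread's values; function names are hypothetical.
BRIDGE_IF="${BRIDGE_IF:-br0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Return 0 if $1 is an IPv4 CIDR such as 192.168.0.0/24, 1 otherwise.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case "$ip" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    # A /0 source matches every client, which is the unrestricted rule again.
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip          # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables command for each valid subnet; report invalid ones on
# stderr and return 1 if any were skipped.
redirect_rules() {
    rc=0
    for net in "$@"; do
        if valid_cidr "$net"; then
            printf '/sbin/iptables -t nat -A PREROUTING -i %s -p tcp -s %s --dport 80 -j REDIRECT --to-port %s\n' \
                "$BRIDGE_IF" "$net" "$SQUID_PORT"
        else
            printf 'skipping invalid subnet: %s\n' "$net" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the thread's subnet plus a second, made-up one.
redirect_rules 192.168.0.0/24 10.10.0.0/16
```

The script only prints commands for review. The original rule without `-s` has to be removed from PREROUTING as well, otherwise it still matches requests arriving from outside.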
