Re: [squid-users] Accessing a transparent cache on localhost

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 19 Nov 2008 10:34:50 -0900

Jonathan Gazeley wrote:
> Hi,
>
> I'm new to Squid. I've successfully set up a transparent cache on a
> server which is also the gateway/firewall/NAT for a small LAN. All the
> clients on my LAN use the cache properly. However, the server running
> the cache doesn't use its own cache. I've inserted what I thought were
> the correct rules into my iptables config:
>
> -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> -A PREROUTING -s 127.0.0.1/32 -p tcp --dport 80 -j REDIRECT --to-port 3128
> -A PREROUTING -s 192.168.0.1/32 -p tcp --dport 80 -j REDIRECT --to-port 3128
> -A PREROUTING -s x.x.x.x/32 -p tcp --dport 80 -j REDIRECT --to-port 3128 (external public IP)

I think it would need to be part of the OUTPUT chain. But you would
have to do some sort of packet marking to avoid matching packets from
Squid to the internet (lest you create a forwarding loop).

It's probably far easier to set the environment variable "http_proxy"
(e.g. "export http_proxy=http://localhost:3128"). Many utilities (YUM,
apt, wget, etc.) honor this.

>
> where eth0 is the LAN-facing interface.
>
> My Squid config allows proxying from localhost and localnet:
>
> http_access allow localhost
> http_access allow localnet
> http_access deny all
>
> Therefore I think I have not set up my iptables quite right. Can
> anyone confirm if this is the right way to go about catching HTTP
> requests from localhost?
>
> Many thanks,
> Jonathan
>
> ----------------------------
> Jonathan Gazeley
> Systems Support Specialist
> ResNet | Wireless & VPN Team
> Information Services
> University of Bristol
> ----------------------------
>

Chris
Received on Wed Nov 19 2008 - 19:35:00 MST
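
The OUTPUT-chain redirect and the forwarding loop mentioned in the reply, as an added example that is not part of the original thread. It exempts Squid's own traffic with the iptables owner match rather than packet marking, and checks that the exemption comes before the redirect. The account name "squid", the function names and both rule sets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Squid runs as the account
# "squid" (hypothetical name) and listens on 3128 as in the thread.

# Read nat-table rules on stdin; return 0 if every OUTPUT redirect of
# port 80 is preceded by an exemption for the Squid user, 1 otherwise.
check_output_redirect() {
    awk -v user="$1" '
        $1 == "-A" && $2 == "OUTPUT" && /--dport 80( |$)/ {
            if (/-j (RETURN|ACCEPT)/ && index($0, "--uid-owner " user " ")) {
                exempt = 1          # Squid traffic leaves the chain here
            } else if (/-j REDIRECT/ && !exempt) {
                loop = 1            # Squid would be redirected to itself
            }
        }
        END { exit (loop ? 1 : 0) }
    '
}

# Constructed sample: exemption first, then the redirect.
safe_rules() {
    cat <<'EOF'
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j RETURN
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

# Constructed sample: same rules in the wrong order.
looping_rules() {
    cat <<'EOF'
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j RETURN
EOF
}

for name in safe_rules looping_rules; do
    if $name | check_output_redirect squid; then
        echo "$name: ok"
    else
        echo "$name: forwarding loop"
    fi
done
```

The rule lines belong in the nat table; the checker matches the user name exactly as written in the rule, so a rule set dumped with numeric UIDs needs the UID passed instead.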
