boka
2003-May-14 19:29 UTC
Transparent web-caching using netfilter, iproute2 and squid - from cookbook - problem
Hi! I want to set up the same functionality using squid and iproute. I have a netfilter box (2.4.20 kernel 10.10.9.2) and squid box (10.10.10.9). My conf is:

On netfilter box:

[root@nat root]# ip rule sh
0:      from all lookup local
32765:  from all fwmark 0x3 lookup 2
32766:  from all lookup main
32767:  from all lookup 253

[root@nat root]# ip route sh table 2
default via 10.10.9.1 dev eth0

[root@nat root]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  squid                anywhere           tcp dpt:http
MARK       tcp  --  anywhere             anywhere           tcp dpt:http MARK set 0x3

On squid box:

[root@bishop root]# iptables -L PREROUTING -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere           tcp dpt:http redir ports 8080

I was looking through tcpdump on the netfilter and squid boxes, and there is no traffic between them ...

P.S. I have sent the same email from a different email account but my message was bounced ...

--
"In the future we will live either in fascism or in democracy. If you stand aside, it will be fascism" Richard K. Moore

Regards,
boka@sto-procent.art.pl