<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Jan,<br>
<br>
Tried the stuff as explained by you.<br>
<br>
1. tcp_outgoing_address &lt;ip address of the cache server&gt;<br>
2. http_port 3128 tproxy<br>
3. iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
TPROXY --on-port 80<br>
<br>
But the websites don't load after that. <br>
Do I need to change the iptables route? The default rule for tproxy is <br>
iptables -t tproxy -A PREROUTING -j TPROXY --on-port &lt;proxyport&gt;<br>
<br>
Tried changing the proxy port to 80 and 3128 but no luck.<br>
<br>
Regards<br>
Sunil<br>
<br>
Jan Engelhardt wrote:
<blockquote cite="midPine.LNX.4.61.0608081045240.31428@yvahk01.tjqt.qr"
type="cite">
<blockquote type="cite">
<pre wrap="">Jan,
Am running the cache server with only one eth interface having a Public
IP address i.e. eth0.
</pre>
</blockquote>
<pre wrap=""><!---->
You need at least two interfaces to get any form of SNAT working
reasonably. (but see below)
</pre>
<blockquote type="cite">
<pre wrap="">There is no bridge interface.
So, if my interface ip address is 192.168.1.1 should the
tcp_outgoing_address be 192.168.1.1?
</pre>
</blockquote>
<pre wrap=""><!---->
Yes.
</pre>
<blockquote type="cite">
<pre wrap="">Since all the configuration looks ok now and iptables is accepting the
command
iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
TPROXY --on-port 80
</pre>
</blockquote>
<pre wrap=""><!---->
This is just DNAT, it will work as intended.
</pre>
<blockquote type="cite">
<pre wrap="">could the outgoing address be the only issue?
</pre>
</blockquote>
<pre wrap=""><!---->
'tproxy on' in squid.conf, of course :)
</pre>
<blockquote type="cite">
<pre wrap="">Will check and confirm if it works with that.
</pre>
</blockquote>
<pre wrap=""><!---->
Jan Engelhardt
</pre>
</blockquote>
</body>
</html>