NAT to TPROXY conversion rules
Hi,

I'm running tproxy with the Squid server in a different box; my topology looks like this:

[Client]-------[Squid]---[tproxy/FW]----[Web server]
192.168.1.3   192.168.1.2   192.168.1.1 192.168.2.2   192.168.2.1

[squid] - tproxy patched kernel and iptables-1.3.6

[tproxy/FW]:
iptables -t tproxy -A PREROUTING -i eth0 -s ! 192.168.1.2 -m tcp -p tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 192.168.1.2

With the config above, my Squid is not running well. I read in the "Transparent Proxy with Linux and Squid mini-HOWTO" that there are some rules I have to configure, which are:

iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

The problem is that some of those rules are not compatible with the tproxy table. Is there any guide on how to convert them to tproxy rules? Any help would be greatly appreciated.

Regards,
Zul
Hi, On Saturday 06 January 2007 15:44, zulkarnain wrote:
> I'm running tproxy with the Squid server in a different box; my topology looks like this:
>
> [Client]-------[Squid]---[tproxy/FW]----[Web server]
> 192.168.1.3   192.168.1.2   192.168.1.1 192.168.2.2   192.168.2.1
>
> [squid] - tproxy patched kernel and iptables-1.3.6
>
> [tproxy/FW]:
> iptables -t tproxy -A PREROUTING -i eth0 -s ! 192.168.1.2 -m tcp -p tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 192.168.1.2
It looks like you're somewhat confused where the tproxy patches should go. If Squid and the firewall are on different machines, you don't have to use tproxy on the firewall itself but on the Squid machine. In that case something like the rule above should be working.
> With the config above, my Squid is not running well. I read in the "Transparent Proxy with Linux and Squid mini-HOWTO" that there are some rules I have to configure, which are:
>
> iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
> iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
I guess these rules are not for the setup you've described. It seems to me that they would be appropriate if you used something like this:

                     192.168.3.2
                     [Squid]
                        |
[Client]-----[FW]-------+-----[Web server]
192.168.1.3  192.168.1.1 192.168.2.2  192.168.2.1
             192.168.3.1

--
Regards,
Krisztian Kovacs
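As an added illustration of Krisztian's first point (the tproxy rule belongs on the Squid box, not on the firewall, when the two are separate machines), the script below emits the rule set for the Squid box in Zul's original inline topology. It is not from the thread and is not the tproxy project's own documentation; it assumes, hypothetically, that eth0 is the Squid box's client-facing interface, that Squid listens on 3128, and that the box forwards everything else on to the firewall. By default it only prints the commands (dry run); set IPTABLES=iptables and SYSCTL=sysctl to apply them on a tproxy-patched kernel.

```shell
#!/bin/sh
# Added example: tproxy rules placed on the Squid box itself, emitted as a
# dry run. Assumed (hypothetical) values: client-facing interface eth0,
# Squid listening on port 3128, Squid box routing between clients and firewall.
IPTABLES="${IPTABLES:-echo iptables}"   # IPTABLES=iptables to apply for real
SYSCTL="${SYSCTL:-echo sysctl}"         # SYSCTL=sysctl to apply for real

squid_box_tproxy_rules() {
    client_if="$1"
    squid_port="$2"

    # The Squid box sits in the path between clients and the firewall,
    # so it must forward the traffic it does not intercept.
    $SYSCTL -w net.ipv4.ip_forward=1

    # Clients' port-80 connections arriving on the client-facing interface
    # are diverted to the local Squid listener. Squid's own outbound
    # connections to web servers are locally generated and pass through
    # OUTPUT, not PREROUTING, so no "-s ! squid-box" exclusion is needed here.
    $IPTABLES -t tproxy -A PREROUTING -i "$client_if" -p tcp -m tcp --dport 80 \
        -j TPROXY --on-port "$squid_port"

    # Accept the diverted connections on the Squid listener and forward the
    # rest of the client traffic towards the firewall (assumed policy).
    $IPTABLES -A INPUT -i "$client_if" -p tcp --dport "$squid_port" -j ACCEPT
    $IPTABLES -A FORWARD -i "$client_if" -j ACCEPT
}

# Dry run: prints the commands that would be executed.
squid_box_tproxy_rules eth0 3128
```

The point of the dry-run default is that the rule set can be reviewed (for example, checking that the intercept rule is restricted to the client-facing interface and to port 80) before it is applied to a production box.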