[tproxy] NAT to TPROXY conversion rules
zulkarnain
sizulku at yahoo.com
Sat Jan 6 15:44:07 CET 2007
Hi,
I'm running tproxy with the squid server in a different
box; my topology looks like this:
[Client]-------[Squid]---[tproxy/FW]----[Web server]
192.168.1.3  192.168.1.2  192.168.1.1    192.168.2.2
                          192.168.2.1
[squid]
- tproxy patched kernel and iptables-1.3.6
[tproxy/FW]:
iptables -t tproxy -A PREROUTING -i eth0 -s ! 192.168.1.2 -m tcp -p tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 192.168.1.2
With the config above, my squid is not running well. I
read in the "Transparent Proxy with Linux and Squid
mini-HOWTO" that there are some rules I have to configure,
which are:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
The problem is that some of those rules are not compatible
with the tproxy table. Is there any guide on how to
convert them to tproxy rules? Any help would be greatly
appreciated.
regards,
Zul