-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Donnerstag, 13. Dezember 2001 16:16 schrieb Robert Szentmihalyi:
Hi,
I have set up a DSL router (SuSE Linux 7.3, kernel 2.4.16 + grsecurity-1.9) which does packet filtering with SuSEfirewall2
Now, because of the problems some sites with impropery configured firewalls (like www.gmx.de and www.postbank.de) have with Path MTU discovery, I have set up squid on the router.
The sites are accessible now, but I don't seem to get SuSEfirewall2 to transparently redirect http traffic to port 3128, so that I don't have to configure each client to use the proxy.
I set FW_SERVICE_SQUID="yes" and FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128" but it doesn't seem to help much... Any ideas on what I could have overlooked?
Robert, this is a good start. Maybe you have to write FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128 192.168.100.0/24,0/0,udp,80,3128" Did you prepare /etc/squid.conf for transparent proxy support? # this is needed for transparent proxy: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Have a lot of fun ... - -- Best Regards, Manfred Schirmer CSE GmbH network administrator mailto:manfred.schirmer@cse.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8GOLzQfdrwk3vCGYRAqB/AJ9P9A45k3wUWkZNidGPlnp54XO84gCeMRwj fmWkh2utMy0IDZJsrWy6eL0= =XLXF -----END PGP SIGNATURE-----