helge preuss wrote:
This works with squid as a non-transparent proxy, if I set FW_REDIRECT="". However, if I set FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128", not the full URL is transmitted from the client to squid. more precisely, the protocol and hostname parts are truncated. So squid bails out with errors like
While trying to retrieve the URL: / http://www.google.de/imghp?hl=en&tab=wi&q=
The following error was encountered: Invalid URL
I haven't fiddled with the squid.conf, except for these two lines acl our_networks src 192.168.1.0/24 192.168.2.0/24 http_access allow our_networks You need to setup squid as a transparent proxy. Check the HTTPD-ACCELERATOR OPTIONS section. Add in the appropriate lines: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on
Then, after editing /etc/squid/squid.conf with the above, rcsquid restart to have the changes take effect. Then, re-edit the FW_REDIRECT line and you will be good to go.
I'm scanning the SuSEfirewall guide right now, but it's a long document, and I haven't found any tips on situations like mine on first glance. Our office server is similar, 8.2, with squid and dial-in, etc., so I've been there done that. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871