I was setting up a transparent squid proxy server on a single NIC machine (got it working too). Then I went to a multi-homed machine, and no matter how I tweak them, the firewall rules are killing me and will not allow the nat redirect to take incoming traffic on port 80 and give it to port 3128:

    iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128

But even with this rule, all is normal (a browser set up to use the proxy works) but nothing on port 80.

          V                   ^
          |                   |
          |                   |
    +-------------------------------+
    |(trusted NIC)         (ext NIC)|
    |             Squid             |
    +-------------------------------+

The iptables rules generated by SuSE 8.2 Pro SuSEFIREWALL2 are quite extensive. Any help would be appreciated.

David Blomber wrote:
I was setting up a transparent squid proxy server on a single NIC machine (got it working too). Then I went to a multi-homed machine, and no matter how I tweak them, the firewall rules are killing me and will not allow the nat redirect to take incoming traffic on port 80 and give it to port 3128 [...]

          V                   ^
          |                   |
          |                   |
    +-------------------------------+
    |(trusted NIC)         (ext NIC)|
    |             Squid             |
    +-------------------------------+

I have the following in my /etc/sysconfig/SuSEfirewall2:

    FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,udp,80,3128"

(One long line). It does exactly that.

Stefan
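
What the FW_REDIRECT entries in the reply ask for, written out as iptables commands of the kind shown in the question. This is an added example, not part of the original messages and not SuSEfirewall2's own code. The field order (source, destination, protocol, port, redirect port) is read off the reply, `eth0` is an assumed name for the trusted NIC, and the rules SuSEfirewall2 actually generates may differ.

```shell
#!/bin/sh
# Added illustration (not SuSEfirewall2 code): expand FW_REDIRECT-style
# entries "src,dst,proto,dport,lport" into iptables REDIRECT commands.
# It only prints the commands; nothing is applied to the firewall.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = interface the clients arrive on, $2 = FW_REDIRECT value
fw_redirect_to_iptables() {
    iface=$1
    rc=0
    for entry in $2; do
        old_ifs=$IFS
        IFS=,
        set -- $entry          # split the entry on commas
        IFS=$old_ifs
        if [ "$#" -ne 5 ]; then
            echo "skipped (need 5 fields): $entry" >&2
            rc=1
            continue
        fi
        case "$3" in
            tcp|udp) ;;
            *) echo "skipped (protocol): $entry" >&2; rc=1; continue ;;
        esac
        if ! valid_port "$4" || ! valid_port "$5"; then
            echo "skipped (port): $entry" >&2
            rc=1
            continue
        fi
        # --to-ports is the documented name of the REDIRECT option
        echo "iptables -t nat -A PREROUTING -i $iface -s $1 -d $2" \
             "-p $3 --dport $4 -j REDIRECT --to-ports $5"
    done
    return $rc
}

# Constructed run: the value from the reply; eth0 is an assumed name
# for the trusted NIC.
fw_redirect_to_iptables eth0 \
    "192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,udp,80,3128"
```

Restricting the match to the trusted interface and the internal source network keeps the redirect from applying to traffic that arrives on the external NIC.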