Mailinglist Archive: opensuse-security (138 mails)

FW: [suse-security] Redirect traffic for transparent proxy
  • From: "Dragan Andric" <dandric@xxxxxxxx>
  • Date: Wed, 28 Dec 2005 13:38:20 +0100
  • Message-id: <NHBBJPPJOLBFMGDELKPNMECDDEAA.dandric@xxxxxxxx>

Please check whether you have set up squid properly as well.

You need to uncomment and put the following directives with values in
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Happy new year.

Dragan Andric

-----Original Message-----
From: Jordi Espasa Clofent [mailto:jespasac@xxxxxxxx]
Sent: Wednesday, December 28, 2005 1:18 PM
To: suse-security@xxxxxxxx
Subject: [suse-security] Redirect traffic for transparent proxy

Hi all,

I'm trying to set up a machine with proxy-cache (Squid 2.5 STABLE); the
setup process is well-documented, but I've run into trouble when I want to
redirect the traffic for a transparent proxy. My goal is obvious: redirect all
traffic from port 80 (the clients) to port 3128 (the proxy on the server) to
set up a transparent proxy.

The structure is:

Server eth0 -- connection to internet (EXT)
eth1 -- connection to LAN (INT)

Client eth0 -- connection to eth1 Server 172.26.0.x (where x is 2+)

1) In the SuSE manual, the syntax for redirected traffic is (page 763 of
Reference Guide SuSE 10.0):


2) In /etc/sysconfig/SuSEfirewall2 the comments of section 14 (¿where is
section 15???) say the same line for both protocols, TCP and UDP. So, the
correct syntax should be:


3) Neither syntax (1 & 2) works on my server. I've even tried to do it
with iptables:

iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128

Apparently squid works fine; if I test without transparent proxy (setting
client browsers to port 3128 directly) there aren't any problems.

The trouble is redirecting the traffic.

Jordi Espasa
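
The check suggested in the reply, as an added example that is not part of the original thread: a shell function that reports, for each of the four directives Dragan lists, whether a squid.conf has it active with the given value, set to another value, still commented out, or absent. The function name check_squid_accel and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Values are the ones given in the reply.
EXPECTED='httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on'

# check_squid_accel FILE (hypothetical helper name)
# Prints one status line per directive; returns 0 only if all four are
# active with the expected value.
check_squid_accel() {
    conf=$1
    bad=0
    while read -r name want; do
        # Assumption: if a directive appears twice, the last active line counts.
        have=$(awk -v n="$name" '$1 == n { v = $2 } END { print v }' "$conf")
        if [ "$have" = "$want" ]; then
            status=OK
        elif [ -n "$have" ]; then
            status=MISMATCH
        elif grep -Eq "^[[:space:]]*#[[:space:]]*$name([[:space:]]|\$)" "$conf"; then
            status=COMMENTED
        else
            status=MISSING
        fi
        [ "$status" = OK ] || bad=$((bad + 1))
        printf '%-9s %s %s\n' "$status" "$name" "$have"
    done <<EOF
$EXPECTED
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample config: one directive commented, one with another
# value, one correct, one absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128
# httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_with_proxy on
EOF
check_squid_accel "$sample" || echo "squid.conf is not ready for transparent proxying"
rm -f "$sample"
```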
