From: Brent Clark <brentgclarklist@gmail.com>
To: 'Mail List - Netfilter' <netfilter@vger.kernel.org>
Subject: Different kind transparent proxy
Date: Thu, 09 Oct 2008 13:01:42 +0200
Message-ID: <48EDE496.8000900@gmail.com>

Hi

I have a basic home setup, the router / gate and the proxy server sit on
different machines (Don't want squid on the FW).

I have a client that I want to access the web, but via squid.

The proxy and the client, both are on the same LAN etc.

Here are my rules.

For PREROUTING nat I have
186 10692 DNAT       tcp  --  eth1   *      !192.168.111.9        0.0.0.0/0           multiport dports 80,443 to:192.168.111.9:3128

In my FORWARD filter I have

362 20472 LANWEB     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3128

For my LANWEB chain I have

Chain LANWEB (1 references)
target     prot opt source               destination        
LOG        tcp  --  0.0.0.0/0            192.168.111.9       LOG flags 0 level 4 prefix `ECCOWALL I'
ACCEPT     tcp  --  0.0.0.0/0            192.168.111.9
LOG        tcp  --  0.0.0.0/0            192.168.111.9       LOG flags 0 level 4 prefix `ECCOWALL O'

For some reason I can't get this working.
I had a look at the squid logs and there's nothing.

Using tcpdump on the gateway I am seeing,
tcpdump -n -i eth1 port 3128
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
12:54:55.611493 IP 192.168.111.31.40550 > 192.168.111.9.3128: S 233035686:233035686(0) win 5840 <mss 1460,sackOK,timestamp 3618633 0,nop,wscale 6>
12:54:55.611653 IP 192.168.111.9.3128 > 192.168.111.31.40550: S 1234458253:1234458253(0) ack 233035687 win 5792 <mss 1460,sackOK,timestamp 737699015 3618633,nop,wscale 2>

And on squid

root@eccowall:~# tcpdump -n port 3128
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:56:42.322401 IP 192.168.111.31.42990 > 192.168.111.9.3128: S 1202540725:1202540725(0) win 5840 <mss 1460,sackOK,timestamp 3645306 0,nop,wscale 6>
12:56:42.322693 IP 192.168.111.9.3128 > 192.168.111.31.42990: S 2913335189:2913335189(0) ack 1202540726 win 5792 <mss 1460,sackOK,timestamp 737725700 3645306,nop,wscale 2>
12:56:42.322435 IP 192.168.111.31.42990 > 192.168.111.9.3128: R 1202540726:1202540726(0) win 0

But I can't understand cause the browser is not displaying anything.

If anyone could help, it would be appreciated.

TIA

Regards
Brent Clark


