From: Mart Frauenlob <mart.frauenlob@chello.at>
To: netfilter@vger.kernel.org
Subject: Re: transparent proxy
Date: Sat, 13 Mar 2010 09:21:23 +0100 [thread overview]
Message-ID: <4B9B4B03.7000708@chello.at> (raw)
In-Reply-To: <857a760cf2ade9bdadec40329e2e010b@mail.treenet.co.nz>
On 10.03.2010 01:23, netfilter-owner@vger.kernel.org wrote:
> On Wed, 10 Mar 2010 00:44:14 +0100, "Marco Schuth" <marco@it-schuth.net>
> wrote:
>> Hello,
>>
>> Iam using iptables on my router, and have a dedicated proxy server with
>> squid sarg and squidguard running.
>>
>> all the clients send the request for a website to the default gw (router
>
>> 10.12.0.1) the router redirects (dnat)
>> the package to the proxy server ip:10.12.0.250
>> but in the logs i get the ip from the router.
>
> NAT destroys the IP addresses before they leave the machine doing NAT.
> Please read the Squid FAQ examples of how to configure policy routing ...
>
> Router:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
>
> Squid box:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
>
> Amos
> Squid Project
Hello,
I'd like to ask, if in the above examples, the ACCEPT rules need to be
placed in the mangle table?
Is there a specific reason, couldn't it be done in the filter table?
As that would be the intended/preferred use for filtering?
If so, don't the examples teach people 'bad manners'?
Best regards
Mart
next prev parent reply other threads:[~2010-03-13 8:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-09 23:44 transparent proxy Marco Schuth
2010-03-10 0:23 ` Amos Jeffries
2010-03-13 8:21 ` Mart Frauenlob [this message]
2010-03-13 10:05 ` /dev/rob0
2010-03-13 12:08 ` Mart Frauenlob
2010-03-13 12:11 ` Mart Frauenlob
2010-03-13 16:41 ` /dev/rob0
2010-03-13 21:58 ` Mart Frauenlob
-- strict thread matches above, loose matches on Subject: below --
2005-02-03 12:30 Luca Ferrari
2005-02-03 15:58 ` Jens Knoell
2005-02-05 18:22 ` Andreas Unterkircher
2005-02-05 19:42 ` Adrian C.
2005-02-05 20:22 ` Andreas Unterkircher
2005-02-05 20:47 ` Andreas Unterkircher
2004-03-17 12:33 Fredrik Emil Jensen
2004-03-17 14:21 ` David Cannings
2004-03-15 9:19 Fredrik Emil Jensen
2004-03-16 1:57 ` Alexander Samad
2004-03-16 8:44 ` Antony Stone
2004-02-27 19:19 Guillermo Chui Lau
2004-02-27 8:48 Tomasz Macioszek
2004-02-27 9:18 ` Jeroen Vriesman
2004-02-27 9:27 ` Antony Stone
2004-02-27 10:25 ` Jeroen Vriesman
2004-02-27 11:50 ` John A. Sullivan III
2004-02-27 17:00 ` Daniel F. Chief Security Engineer -
2003-09-10 21:19 Transparent Proxy Kilson Arruda
2002-11-25 13:04 Cyril COUPEL
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B9B4B03.7000708@chello.at \
--to=mart.frauenlob@chello.at \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.