From: "Joe Patterson" <jpatterson@asgardgroup.com>
To: Mike Atlas <matlas@vistainnovation.com>, netfilter@lists.samba.org
Subject: RE: Quick Question
Date: Thu, 30 May 2002 17:50:52 -0400
Message-ID: <NJEFLNJDIFFNMHDEBKMJCEDKDOAA.jpatterson@asgardgroup.com>
In-Reply-To: <AIEOIGGABAHAAIOAILIDGEDFCGAA.matlas@vistainnovation.com>
One quick note: This will not work for port 443. squid can only
transparently proxy for normal http traffic. If you want to deal with
https, you have two choices: either snat/masq/route the connection,
bypassing squid entirely (which cuts out some squid overhead and can be done
transparently) or tell the browser to use the squid box on port 3128 to
proxy for https traffic (which I believe gives you somewhat nicer logging
and ACL-ability). When a browser is configured to use a proxy server for
https it makes the connection to the proxy, issues a command something like
CONNECT server:port (I'm not sure of the syntax) and then treats that like a
tcp connection to the server it's trying to get in touch with (starting up
ssl and such). If it's not configured to use a proxy, then it just makes
the tcp connection to the destination server on 443, and starts up ssl
immediately. A proxy can't intercept that transparently.
-Joe
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Mike Atlas
Sent: Thursday, May 30, 2002 4:18 PM
To: netfilter@lists.samba.org
Subject: Quick Question
Hello Everyone. I hope you all can help me, I'm sure you can (it seems
like a pretty simple problem).
I am setting up a Squid proxy server to run in transparent mode. To do
this, I need to forward all port 80 and 443 traffic to squid's port, 3128.
Additionally, I would like all other traffic on all other ports to forward
on to the router.
I have found a script to forward port 80 to squid (note: eth1 is my
internal interface, eth0 is external):
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
I assume I can run the same line for 443:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128
However, what can I use to forward EVERYTHING that is not port 80 out of
the eth0 interface, to our router (192.168.0.2)?
I know it has something to do with --dport ! 80, but I can't figure it
out.
Thanks for your help.
BTW, this is RedHat 72. if that makes any difference. Linux kernel
2.4.9-31.
-mike
______________________________________________
Mike Atlas 703.385.8362(v)
Senior System Engineer 703.385.3674(f)
Vista Innovation www.vistainnovation.com
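
The difference described in the reply above, shown as the first bytes a proxy listener on port 3128 would receive in each case. This is an added example, not part of the original thread: the sample byte strings are constructed and `classify_first_bytes` is a hypothetical helper, not Squid code.

```python
# Constructed samples of the first bytes arriving at the proxy listener.
# 1) Port 80 traffic REDIRECTed to 3128: an ordinary HTTP request.
INTERCEPTED_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# 2) Browser explicitly configured to use the proxy for https.
EXPLICIT_CONNECT = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                    b"Host: www.example.com:443\r\n\r\n")
# 3) Port 443 traffic REDIRECTed to 3128: the browser starts SSL/TLS at once.
#    Truncated record: type 0x16 (handshake), version 3.1, then a ClientHello.
REDIRECTED_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])


def classify_first_bytes(data: bytes) -> dict:
    """Say what an HTTP proxy can do with the start of a client connection."""
    # An SSL/TLS handshake record is binary: there is no request line and no
    # Host header, so an HTTP proxy has nothing to parse or apply ACLs to.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls-handshake", "target": None, "proxyable": False}

    request_line, _, headers = data.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return {"kind": "unknown", "target": None, "proxyable": False}

    method, uri = parts[0], parts[1]
    if method == b"CONNECT":
        # The client names host:port in clear text, so the proxy can log it,
        # check ACLs, and then relay raw bytes in both directions.
        return {"kind": "connect-tunnel",
                "target": uri.decode("ascii", "replace"), "proxyable": True}

    # Intercepted plain HTTP: the request line only carries a path, so the
    # destination has to come from the Host header.
    for line in headers.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return {"kind": "plain-http",
                    "target": value.strip().decode("ascii", "replace"),
                    "proxyable": True}
    return {"kind": "plain-http", "target": None, "proxyable": False}


if __name__ == "__main__":
    for label, sample in [("redirected :80", INTERCEPTED_HTTP),
                          ("explicit proxy", EXPLICIT_CONNECT),
                          ("redirected :443", REDIRECTED_TLS)]:
        print(label, classify_first_bytes(sample))
```
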