From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Abylai Ospan"
Subject: transparent squid & iptables
Date: Sun, 15 Dec 2002 12:56:42 +0300
Message-ID: <008201c2a420$487f82a0$8902010a@alkaloid>
To: netfilter@lists.netfilter.org

Hello, All.

We tried to make transparent squid on 127.0.0.1 and REDIRECT (or DNAT) in iptables but iptables redirects packets to the received interface IP.

In the iptables:
iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT 3128

For example:
packet from user (IP: 10.0.0.5) to www.ru:80 received on eth0 (IP: 10.0.0.1). Packet redirected to the 10.0.0.1:3128 but squid listens on 127.0.0.1:3128 so nothing works ;-(

How can we redirect packet to the 127.0.0.1 port 3128 in iptables ?!

wbr, Abylai
NetUP Systems
Moscow, Russia

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arindam Haldar
Subject: Re: transparent squid & iptables
Date: Mon, 16 Dec 2002 16:34:27 +0530
Message-ID: <3DFDB33B.70406@inbox.lv>
References: <008201c2a420$487f82a0$8902010a@alkaloid>
To: Abylai Ospan
Cc: netfilter@lists.netfilter.org

iptables -A PREROUTING -t nat -p 6 --dport 80 -j REDIRECT --to-port 3128

Abylai Ospan wrote:
> Hello, All.
>
> We tried to make transparent squid on 127.0.0.1 and REDIRECT (or DNAT)
> in iptables but iptables redirects packets to the received interface IP.
>
> In the iptables:
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT 3128
>
> For example:
> packet from user (IP: 10.0.0.5) to www.ru:80 received on eth0 (IP: 10.0.0.1).
> Packet redirected to the 10.0.0.1:3128 but squid listens on 127.0.0.1:3128
> so nothing works ;-(
>
> How can we redirect packet to the 127.0.0.1 port 3128 in iptables ?!
>
> wbr, Abylai
> NetUP Systems
> Moscow, Russia

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Andrew J. Meader"
Subject: Re: transparent squid & iptables
Date: Mon, 16 Dec 2002 08:23:53 -0600
Message-ID: <3DFDE1F9.6020507@corp.lcom.net>
References: <008201c2a420$487f82a0$8902010a@alkaloid>
To: Abylai Ospan, netfilter@lists.netfilter.org

Hi,

Here is how I am doing it and it works nicely:

iptables -t nat -A PREROUTING -i $LOCAL -p tcp --dport 80 -j REDIRECT \
    --to-port 3128
echo "PREROUTING: enabling transparent http proxy"

Have fun!
Andy

Abylai Ospan wrote:
> Hello, All.
>
> We tried to make transparent squid on 127.0.0.1 and REDIRECT (or DNAT)
> in iptables but iptables redirects packets to the received interface IP.
>
> In the iptables:
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT 3128
>
> For example:
> packet from user (IP: 10.0.0.5) to www.ru:80 received on eth0 (IP: 10.0.0.1).
> Packet redirected to the 10.0.0.1:3128 but squid listens on 127.0.0.1:3128
> so nothing works ;-(
>
> How can we redirect packet to the 127.0.0.1 port 3128 in iptables ?!
>
> wbr, Abylai
> NetUP Systems
> Moscow, Russia
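
The mismatch described in the original question (REDIRECT rewrites the destination to the address of the interface the packet arrived on, while squid is bound to 127.0.0.1 only) can be checked against a squid.conf before any rule is loaded. The script below is an added example, not part of the thread or of squid/iptables; the function names are hypothetical, the sample config is constructed, and it assumes IPv4 with `http_port` written as `[address:]port`.

```shell
#!/bin/sh
# Added example: does a squid http_port binding receive traffic rewritten by
#   iptables -t nat -A PREROUTING ... -j REDIRECT --to-port <port> ?
# REDIRECT in PREROUTING sends the packet to the address of the incoming
# interface (10.0.0.1 on eth0 in the thread), not to 127.0.0.1.

# redirect_reachable <http_port value> <incoming interface IP> <redirect port>
# Returns 0 if a listener with that binding accepts the redirected packet.
redirect_reachable() {
    spec=$1; if_ip=$2; port=$3
    case $spec in
        *:*) addr=${spec%:*}; lport=${spec##*:} ;;  # "address:port"
        *)   addr=0.0.0.0;    lport=$spec ;;         # bare port: all addresses
    esac
    [ "$lport" = "$port" ] || return 1
    [ "$addr" = "0.0.0.0" ] || [ "$addr" = "$if_ip" ]
}

# check_conf <squid.conf> <incoming interface IP> <redirect port>
# Prints a verdict per http_port line; returns 0 if at least one is reachable.
check_conf() {
    ok=1
    while read -r key value rest; do
        [ "$key" = "http_port" ] || continue
        if redirect_reachable "$value" "$2" "$3"; then
            echo "OK   http_port $value"
            ok=0
        else
            echo "MISS http_port $value (redirected packets arrive for $2:$3)"
        fi
    done < "$1"
    return $ok
}

# Constructed sample config mirroring the thread: squid bound to loopback only.
conf=$(mktemp)
printf '%s\n' '# constructed sample' 'http_port 127.0.0.1:3128' > "$conf"
check_conf "$conf" 10.0.0.1 3128 ||
    echo "no http_port binding is reachable through REDIRECT on 10.0.0.1"
rm -f "$conf"
```

If squid is rebound to the interface address or to all addresses so the check passes, port 3128 also becomes directly reachable on that interface, so it should be filtered from any network that is not meant to use the proxy.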