[squid-users] Intercept mode failing

Antony Stone Antony.Stone at squid.open.source.it
Tue Jan 3 09:33:53 UTC 2017


On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote:

> Hello list,
> 
> I'm trying to do a simple intercept with Squid. Here is my setup:
> 
> I have a LAN with machines on 192.168.22.0/24. Their gateway is
> 192.168.22.10. On this machine, I have set the following iptables rule:
> 
>     iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp --dport 80 -j DNAT --to 192.168.55.3:3129
> 
>     - 192.168.55.3 being the Squid server

No - you must do the NAT (or REDIRECT) rule *on the Squid server*.

If you need to use policy routing to get the packets to the Squid machine in 
the first place, that's okay, but this *must* be packet routing, not address 
translation.

See http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat 
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect and 
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute


Antony.

-- 
In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are 
British, the mechanics are German, the lovers are French, the entertainment is 
American, and everything is organised by the Swiss.

In Hell, the beer is American, the chefs are British, the supermarkets are 
German, the mechanics are French, the lovers are Swiss, the entertainment is 
Belgian, and everything is organised by the Italians.

                                                   Please reply to the list;
                                                         please *don't* CC me.
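
The split described in the reply above, as an added example that is not part of the original thread or the Squid wiki: the gateway only marks and routes port-80 packets, and the NAT step runs on the Squid box, where Squid can read the original destination from the local NAT table. The addresses, interface and port come from the thread; FWMARK, RT_TABLE, the run helper and the APPLY switch are assumptions, as is the Squid box being directly reachable from the gateway and listening with "http_port 3129 intercept".

```shell
#!/bin/sh
# Added example. Values from the thread are marked; the rest are assumptions.
SQUID_IP=192.168.55.3    # from the thread: the Squid server
SQUID_PORT=3129          # from the thread: the intercept port
CLIENT_IF=eth0.100       # from the thread: gateway interface facing the LAN
FWMARK=2                 # assumption: any unused firewall mark
RT_TABLE=100             # assumption: any unused routing table number

# Prints each command; set APPLY=1 (as root) to execute it as well.
run() { echo "$*"; if [ "${APPLY:-0}" = 1 ]; then "$@"; fi; }

# Gateway (192.168.22.10): packet routing only, no address translation.
# The destination IP the client chose is still in the packet when it
# reaches the Squid box.
gateway_rules() {
    run iptables -t mangle -A PREROUTING -i "$CLIENT_IF" ! -d 192.168.0.0/16 \
        -p tcp --dport 80 -j MARK --set-mark "$FWMARK"
    run ip rule add fwmark "$FWMARK" table "$RT_TABLE"
    run ip route add default via "$SQUID_IP" table "$RT_TABLE"
}

# Squid box: the NAT step lives here. squid.conf is assumed to contain
# "http_port 3129 intercept".
squid_rules() {
    # Squid's own outbound fetches must not be redirected back into Squid.
    run iptables -t nat -A PREROUTING -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
    run iptables -t nat -A PREROUTING -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    # mangle runs before nat, so this drops only packets addressed straight
    # to the intercept port, not the redirected port-80 traffic.
    run iptables -t mangle -A PREROUTING -p tcp --dport "$SQUID_PORT" -j DROP
}

# Usage: sh intercept.sh gateway | sh intercept.sh squid  (dry run by default)
case "${1:-}" in
    gateway) gateway_rules ;;
    squid)   squid_rules ;;
esac
```

The Squid box also needs IP forwarding enabled so it can accept packets whose destination address is not its own.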

