[squid-users] Intercept mode failing
Antony Stone
Antony.Stone at squid.open.source.it
Tue Jan 3 09:33:53 UTC 2017
On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote:
> Hello list,
>
> I'm trying to do a simple intercept with Squid. Here is my setup :
>
> I have a LAN with machines on 192.168.22.0/24. Their gateway is
> 192.168.22.10. On this machine, I have set the following iptables rule :
>
> iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp
> --dport 80 -j DNAT --to 192.168.55.3:3129
>
> - 192.168.55.3 being the Squid server

No - you must do the NAT (or REDIRECT) rule *on the Squid server*.

If you need to use policy routing to get the packets to the Squid machine in
the first place, that's okay, but this *must* be packet routing, not address
translation.

See http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat,
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect and
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

Antony.

--
In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are
British, the mechanics are German, the lovers are French, the entertainment is
American, and everything is organised by the Swiss.
In Hell, the beer is American, the chefs are British, the supermarkets are
German, the mechanics are French, the lovers are Swiss, the entertainment is
Belgian, and everything is organised by the Italians.
Please reply to the list;
please *don't* CC me.
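
The split described in the reply, as an added example that is not part of the original message or taken from the poster's machines: the gateway only marks and routes port-80 traffic to the Squid box with the destination address untouched, and the Squid box does the REDIRECT itself so Squid can still recover the original destination from its local NAT table. Addresses, interface and port come from the post; the mark value, the routing table number, the `run`/`APPLY` dry-run wrapper and the assumption that the gateway can reach 192.168.55.3 directly on a connected network are assumptions.

```shell
#!/bin/sh
# Added example. Prints the commands by default; run as root with APPLY=1 to execute.
SQUID_IP=192.168.55.3   # from the post
SQUID_PORT=3129         # from the post (http_port 3129 intercept in squid.conf)
LAN_IF=eth0.100         # from the post
FWMARK=3                # assumed: any unused packet mark
RT_TABLE=100            # assumed: any unused routing table number

# Hypothetical helper: echo the command unless APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# On the gateway (192.168.22.10): policy routing only, no address translation.
gateway_rules() {
    # Leave Squid's own outbound fetches unmarked, or they loop back to Squid.
    run iptables -t mangle -A PREROUTING -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
    # Mark LAN web traffic leaving 192.168.0.0/16; the destination IP is unchanged.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" ! -d 192.168.0.0/16 \
        -p tcp --dport 80 -j MARK --set-mark "$FWMARK"
    # Marked packets use a table whose default route is the Squid box.
    run ip rule add fwmark "$FWMARK" table "$RT_TABLE"
    run ip route add default via "$SQUID_IP" table "$RT_TABLE"
}

# On the Squid server (192.168.55.3): the NAT step happens here.
squid_rules() {
    # Reject clients that connect to the intercept port directly
    # (mangle PREROUTING runs before the nat REDIRECT below).
    run iptables -t mangle -A PREROUTING -p tcp --dport "$SQUID_PORT" -j DROP
    # Hand routed-in port-80 packets to Squid's intercept port.
    run iptables -t nat -A PREROUTING -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
}

# Usage: script.sh gateway | script.sh squid
case "${1:-}" in
    gateway) gateway_rules ;;
    squid)   squid_rules ;;
esac
```

Review the printed commands on each machine before applying them; the gateway's original DNAT rule has to be removed first, since it rewrites the destination before the packet ever reaches Squid.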