fierywizard n00b
Joined: 09 Oct 2002 Posts: 2
Posted: Sun Nov 10, 2002 11:51 pm Post subject: iptables and routing for squid proxy
Hello,
I'm trying to set up squid as a transparent proxy on a different machine from my firewall.
I can use squid if I explicitly set browser proxy settings but when I try to set up the routing to make it transparent I run into a bit of trouble.
When using iptables to mark packets going to internet:80 and reroute them to squid:80 the browser times out, and there are no log messages in either the kernel log on the firewall or the squid logs.
Here is my setup:
I have a firewall with three nics, eth0 -> internal network (192.168.2.0/24), eth1 -> internet, eth2 -> dmz (192.168.1.0/24).
Squid is running on a machine in the dmz, 192.168.1.2.
I have made these changes in squid.conf:
http_port 80
http_access allow all (First of the acl lines)
httpd_accel_port 8080
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
On the firewall machine I have done the following:
Added a routing table by putting the following line in /etc/iproute2/rt_tables:
2 www.out
Indicated that packets destined for port 80 should be marked, using shorewall, by adding the following line to /etc/shorewall/tcrules:
2 eth0 0.0.0.0/0 tcp 80
In the /etc/shorewall/tcstart file I've added the following lines to put packets marked '2' into the www.out routing table and add a default route for packets in the www.out table via 192.168.1.2:
ip rule add fwmark 2 table www.out
ip route add default via 192.168.1.2 dev eth2 table www.out
ip route flush cache
If anyone can tell me why this isn't working, or tell me how to go about finding the problem, I would be _incredibly_ appreciative!
Thanks
Daniel
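An added consistency check, not from the post or from shorewall, for the three firewall-side pieces described above: it parses constructed copies of the rt_tables entry, the tcrules line and the tcstart commands and reports any mark number or table name that does not line up between them, which is the first thing to rule out when marked traffic silently goes nowhere.

```python
import re

# Constructed copies of the three fragments quoted in the post.
RT_TABLES = "255 local\n254 main\n253 default\n0 unspec\n2 www.out\n"
TCRULES = "2 eth0 0.0.0.0/0 tcp 80\n"  # MARK SOURCE DEST PROTO PORT
TCSTART = ("ip rule add fwmark 2 table www.out\n"
           "ip route add default via 192.168.1.2 dev eth2 table www.out\n"
           "ip route flush cache\n")

def _lines(text):
    # Drop comments and blank lines, as both iproute2 and shorewall do.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_rt_tables(text):
    # {table name: table id}
    return {name: int(num) for num, name in (l.split() for l in _lines(text))}

def parse_tcrules(text):
    # Only the MARK column matters here; shorewall allows "2:F"-style suffixes.
    marks = set()
    for line in _lines(text):
        mark = line.split()[0]
        marks.add(int(mark.split(":")[0]))
    return marks

def parse_tcstart(text):
    rules = [(int(m), t) for m, t in
             re.findall(r"ip rule add fwmark (\d+) table (\S+)", text)]
    routed = set(re.findall(r"ip route add .* table (\S+)", text))
    return rules, routed

def check_setup(rt_tables, tcrules, tcstart):
    """Return a list of mismatches; empty means marks and tables line up."""
    tables = parse_rt_tables(rt_tables)
    marks = parse_tcrules(tcrules)
    rules, routed = parse_tcstart(tcstart)
    problems = []
    for mark, table in rules:
        if table not in tables:
            problems.append(f"ip rule uses table {table!r}, not in rt_tables")
        if mark not in marks:
            problems.append(f"ip rule matches fwmark {mark}, never set in tcrules")
        if table not in routed:
            problems.append(f"table {table!r} has no routes in tcstart")
    for mark in marks - {m for m, _ in rules}:
        problems.append(f"tcrules sets mark {mark} but no ip rule selects it")
    return problems

if __name__ == "__main__":
    for p in check_setup(RT_TABLES, TCRULES, TCSTART) or ["marks and tables are consistent"]:
        print(p)
```

With the values from the post the check passes, so the fault lies elsewhere (for instance in how the squid host handles packets addressed to the original web server) rather than in these three files.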