Thursday, July 07, 2005

Re: Iptables, Squid.

z.varady@chello.hu wrote:
> I don't know what connection tracking is. I just saw it in another question's reply and I set it up, but it didn't help.
> Do you know what ports I should enable for squid? This is my main problem. Is nobody using his firewall with a proxy at the same time on the same PC?

Ok, this will help you:

apt-get install nmap

once that is installed:

nmap localhost (to be run from/on the actual firewall/proxy computer)

In the output look for something like:

8080/tcp open http-proxy

The port number 8080 might be different, but that is the port the squid
is listening on.

Then, assuming you are trying to build a transparent proxy server, the
iptables rule should look something like:

# Force outgoing http requests to use the transparent proxy server
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

This assumes:

eth0 is your internal network interface
squid is listening for connections on port 8080, change 8080 to the
number of the port identified by nmap above.

There is plenty of documentation available at

http://www.squid-cache.org/ and Google (search for "transparent proxy squid").

HTH,

Regards,

Dave
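
The two steps in the reply above (read squid's port from the nmap output, then build the REDIRECT rule), as an added example that is not part of the original message. The function names and the sample nmap output are constructed for illustration; it also accepts nmap's squid-http label for squid's default port 3128, which goes beyond the 8080 case in the message.

```shell
#!/bin/sh
# Added example: derive the REDIRECT rule from `nmap localhost` output.
# It only prints the rule for review; it does not change the firewall.

# Print the TCP port of the first open proxy service in nmap's port table.
# nmap labels 8080 as "http-proxy" and squid's default 3128 as "squid-http".
proxy_port_from_nmap() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/tcp$/ &&
         ($3 == "http-proxy" || $3 == "squid-http") {
             split($1, f, "/"); print f[1]; exit
         }'
}

# Build the iptables command for internal interface $1 and proxy port $2.
# Anything that is not a plain interface name or a port in 1..65535 is
# rejected, so scraped text can never end up as extra iptables arguments.
redirect_rule() {
    iface=$1
    port=$2
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j REDIRECT --to-port $port"
}

# Constructed sample of the port table printed by `nmap localhost`.
SAMPLE_NMAP='PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
8080/tcp open  http-proxy'

# On the firewall host itself: nmap localhost | proxy_port_from_nmap
demo() {
    port=$(printf '%s\n' "$SAMPLE_NMAP" | proxy_port_from_nmap)
    if [ -z "$port" ]; then
        echo "no proxy port found; check http_port in squid.conf" >&2
        return 1
    fi
    redirect_rule eth0 "$port"
}

demo
```

If no proxy line is found, squid may be listening on a port outside nmap's default scan range; the http_port line in squid.conf is the authoritative value.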
