[ILUG] transparent redirect with squid and ipchains
Martin Feeney
martin at tuatha.org
Fri Jun 9 12:03:30 IST 2000
You need the following in your squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
and a rule something like this for ipchains:
ipchains -A input -j REDIRECT 3128 -s 192.168.x.0/24 -d any/0 80 -p tcp
(replace 192.168.x.0/24) with valid internal network.
My stupid mistake was to put this rule after the -j ACCEPT for all
internal networks so it never hit the rule. Oh well, at least it's
working now.
You'll also have to recompile the kernel with CONFIG_IP_TRANSPARENT_PROXY
on. This requires turning on the experimental switch.
Martin.
More information about the ILUG
mailing list