[CS-FSLUG] squid/squidguard transparent proxy but not server (iptable rules)

Tim Young Tim.Young at LightSys.org
Wed Sep 26 09:43:52 CDT 2012


Hi,
I typed your command into my test box and it worked on CentOS 6.

You may want to try adding a "-m tcp"; my CentOS decided that I was 
implying that and added it automatically to the generated iptables rule.

     - Tim Young

On 9/26/2012 10:16 AM, Mark Clayton wrote:
> I run squid/squidguard on my Ubuntu server. I usually use the
> following iptables rule so that localhost httpd traffic is directed to
> squid:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> I wanted to temporarily change that so that localhost traffic is not
> redirected. In my notes I have the rule to do that as:
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.1.0/24 --dport 80 -j REDIRECT --to-port 3128
> The difference being "-d ! 10.0.1.0/24". But this gives the error:
> Bad argument `10.0.1.0/24'
>
> Any idea what I'm doing wrong?
>
> I'm doing this because I have a server issue that I'm trying to
> understand. I run avahi along with squid/squidguard on my Ubuntu
> server with clients using Bonjour. It seems squid bypasses
> nsswitch.conf or resolv but I'm trying to confirm it's not my iptables
> rules. Without the rules applied the LAN clients can resolve .local.
> addresses but once I apply my rules the clients, whether or not they
> use the Ubuntu server as the proxy, cannot resolve the addresses. Very
> frustrating because I don't want to have to remember IP numbers when
> it's hard enough to remember client names!
>
> Thanks,
> Mark Clayton
> --
> claytoncapers.blogspot.com
> www.mark-clayton.com
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
>




