Actually, I think you can do it with ipchains.  You need to make sure you
enable packet mangling in the kernel.  Then read the packet mangling howto.


-----Original Message-----
From: Nate Carlson [mailto:natecars at real-time.com]
Sent: Sunday, September 30, 2001 12:56 PM
To: tclug-list at mn-linux.org
Subject: Re: [TCLUG] NAT redirect question


On Sat, 2001-09-29 at 21:20, Jon Schewe wrote:
> I want to set up squid as a transparent proxy.  I've found the appropriate
> pages on how to do this.  The question I have is this.  When you set up the
> redirect you tell your firewall to redirect all requests to any outside
> machine's port 80 to the port that squid is listening on and then squid
> handles it all.  Now what if squid is running on a machine on the inside of
> my firewall?  Won't the packets sent from squid to request the pages get
> caught up in the same redirect and the packets won't get anywhere?  How do I
> solve this problem?  I'd rather not run squid on my firewall, but I can if
> needed.
> 

Talking iptables or ipchains?

Using ipchains, I don't think it's possible to redirect to a non-local
machine.

Using iptables, you simply set up two rules; one that says traffic from
the Squid host is allowed and not rejected, and the second that
redirects by default.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500
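
The two-rule ordering described in the iptables reply above, as an added example that is not part of the original thread: it prints a nat ruleset in iptables-restore format and checks which rule a packet hits first, so the Squid host's own requests are shown to escape the redirect. The interface eth1, address 192.168.1.10 and port 3128 are constructed sample values; the DNAT target (used because the proxy is not on the firewall itself) and the MASQUERADE rule are assumptions for a proxy that shares a LAN with its clients.

```shell
#!/bin/sh
# Added example; interface, address and port used below are constructed samples.

# gen_proxy_rules LAN_IF SQUID_IP SQUID_PORT
# Prints a nat ruleset in iptables-restore format; applies nothing itself.
gen_proxy_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_proxy_rules IF IP PORT" >&2; return 2; }
    lan_if=$1 squid_ip=$2 squid_port=$3
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    case $squid_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 2 ;; esac
    case $squid_port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    cat <<EOF
*nat
# Rule 1: the Squid host's own port-80 fetches pass through untouched.
-A PREROUTING -i $lan_if -s $squid_ip -p tcp --dport 80 -j ACCEPT
# Rule 2: port-80 traffic from every other inside host is sent to Squid.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j DNAT --to-destination $squid_ip:$squid_port
# Assumption: Squid shares the clients' LAN, so redirected flows are source-NATed
# to make replies return via the firewall (Squid then logs the firewall's address).
-A POSTROUTING -o $lan_if -d $squid_ip -p tcp --dport $squid_port -j MASQUERADE
COMMIT
EOF
}

# first_target SRC_IP
# Reads a ruleset on stdin and prints the target of the first PREROUTING rule
# that a port-80 packet from SRC_IP matches (iptables stops at the first match).
first_target() {
    src=$1
    while read -r flag chain rest; do
        [ "$flag $chain" = "-A PREROUTING" ] || continue
        case " $rest " in
            *" -s $src "*) ;;          # rule names this source: it matches
            *" -s "*) continue ;;      # rule names a different source: skip it
        esac
        set -- $rest                   # walk the rule's words to find the target
        while [ $# -gt 0 ]; do
            [ "$1" = "-j" ] && { echo "$2"; return 0; }
            shift
        done
    done
    echo "NONE"
}

# Demo: target chosen for the proxy itself, then for an ordinary client.
gen_proxy_rules eth1 192.168.1.10 3128 | first_target 192.168.1.10
gen_proxy_rules eth1 192.168.1.10 3128 | first_target 192.168.1.50
```

Review the printed ruleset before loading it; swapping rules 1 and 2 makes `first_target` report DNAT for the proxy's own address, which is the loop the original question asks about.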