LINUX.ORG.RU

Transparent proxy (probably again)



Where is the error? Transparent proxying does not work; it works if the proxy is explicitly configured in the browser.

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# On web
-A PREROUTING -i eth1 -p tcp -m tcp -d 192.168.0.3/32 --dport 80 -j ACCEPT

# Forward HTTP connections to Squid proxy
-A PREROUTING -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.3 -p tcp -m multiport --dport 80,81,82,83,88,8000,8001,8002,8080,8081 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.3 -p udp -m multiport --dport 80,81,82,83,88,8000,8001,8002,8080,8081 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.3 -p tcp -m multiport --dport 8082,8083,8091,8100,8101,8102,8103,8080,8888,777 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.3 -p udp -m multiport --dport 8082,8083,8091,8100,8101,8102,8103,8080,8888,777 -j REDIRECT --to-ports 3128

COMMIT

*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Accept traffic from internal interfaces
-A INPUT -p All -i eth1 -j ACCEPT
-A INPUT -p All -i lo -j ACCEPT

# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT

# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT

# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
-A FORWARD -m state --state RELATED -j ACCEPT

# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT

# Accept responses to our pings
-A INPUT -i eth2 -p icmp -m icmp -s XXX.XXX.XXX.XXX/32 --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp -m icmp -s YYY.YYY.YYY.YYY/32 -d XXX.XXX.XXX.XXX/32 --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT

# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT

# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT

# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT

# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
COMMIT

anonymous

Umm, did you actually make the changes in the squid config itself? I think you need to add a virtual host there...

gizmo

This is what is set in squid:

http_port 192.168.0.3:3128
httpd_accel_host virtual on
#httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

anonymous