[plug] Squid / Transparent Proxying / iptables
Arkem
arkem at mornmist.2y.net
Tue Sep 18 21:41:50 WST 2001

Hi Everyone

Recently I decided to dedicate some of my ample /var/ partition free
space to a nice large web cache. Also, to help those on the same LAN
using my computer as a gateway, I made it transparent (changed the
recommended settings in squid) by forwarding all port 80 traffic not
coming in through the external interface to the proxy server using
the command:

    /sbin/iptables -t nat -A PREROUTING -p tcp -i !ppp0 --dport 80 \
        -j DNAT --to 192.168.0.10:8080

This works great, but now I seem to be getting some slowdowns when web
surfing (I haven't really investigated the cause much but since it
just acts unresponsive... speed is still there, just the response time
is shocked). I've decided that I'd like to make my redirection a
little more specific, so that locally bound web traffic is not passed
to the proxy. I tried a couple of things but they didn't seem to work;
the attempt that I had the most hope in was:

    /sbin/iptables -t nat -N cache_check
    /sbin/iptables -t nat -A PREROUTING -p tcp -i !ppp0 --dport 80 \
        -j cache_check
    /sbin/iptables -t nat -A cache_check -p tcp -d 192.168.0.0/16 \
        -j ACCEPT
    /sbin/iptables -t nat -A cache_check -p tcp -d 127.0.0.1/32 -j ACCEPT
    /sbin/iptables -t nat -A cache_check -p tcp --dport 80 -j DNAT \
        --to 192.168.0.10:8080

Though unfortunately this still seems to route all web traffic through
squid, even the local traffic. Can anyone see a problem with this or
make any suggestions (about the redirection problem or about the
squid problem)? They'd be very appreciated.

Regards, Paul Chamberlain
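
An added example, not part of the original post: iptables walks a chain top to bottom and stops at the first terminating target, and `-A` appends, so this toy model (hypothetical helpers `verdict` and `nat_result`, constructed rule lists) shows the cache_check rules exempting LAN destinations only when no earlier blanket DNAT rule is left in PREROUTING. Whether that earlier rule was still loaded here is an assumption; the post does not say.

```shell
#!/bin/sh
# Toy model of nat-table traversal (added illustration, not real netfilter).
# Rule format: "chain dest-cidr target". The packet is assumed to be TCP/80
# arriving on a LAN interface, so -p, -i and --dport are taken as matching.

ip2int() {      # dotted quad -> integer; only called inside $( ), so IFS stays local
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {     # in_cidr IP NET/BITS
    bits=${2#*/}
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

verdict() {     # verdict RULES CHAIN DEST: print the first terminating target
    while read -r c cidr target; do
        [ "$c" = "$2" ] || continue
        in_cidr "$3" "$cidr" || continue
        case $target in
            ACCEPT|DNAT) echo "$target"; return 0 ;;
            RETURN)      return 1 ;;
            *)           verdict "$1" "$target" "$3" && return 0 ;;
        esac
    done <<EOF
$1
EOF
    return 1
}

nat_result() {  # nat_result RULES DEST: verdict, or POLICY if nothing matched
    verdict "$1" PREROUTING "$2" || echo POLICY
}

# Constructed rule sets. APPENDED assumes the first blanket DNAT rule was
# never deleted, so the appended jump to cache_check sits behind it.
CLEAN='PREROUTING 0.0.0.0/0 cache_check
cache_check 192.168.0.0/16 ACCEPT
cache_check 127.0.0.1/32 ACCEPT
cache_check 0.0.0.0/0 DNAT'
APPENDED="PREROUTING 0.0.0.0/0 DNAT
$CLEAN"

for d in 192.168.0.20 203.0.113.5; do
    echo "$d appended=$(nat_result "$APPENDED" "$d") clean=$(nat_result "$CLEAN" "$d")"
done
```

On a live gateway the actual order can be read with `iptables -t nat -L PREROUTING -n --line-numbers`.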