Still struggling with transparent proxy

Joe Tseng joe_tseng at hotmail.com
Thu Feb 21 21:53:47 UTC 2008


So I looked at the page regarding transparent proxies at TLDP (http://tldp.org/HOWTO/TransparentProxy-6.html#ss6.1) based on recommendations on this list and tried it out. I'm currently not able to get the web client to access my test server. When I look at my Wireshark results on my proxy I get something like this:

1. 60.1.1.2     80.1.1.3     TCP xxxx > 80 [SYN]
2. 60.1.1.2     70.1.1.3     TCP xxxx > 3128 [SYN]
3. 70.1.1.3     60.1.1.2     TCP 3128 > xxxx [SYN, ACK]
4. 60.1.1.2     70.1.1.3     TCP xxxx > 3128 [RST]

60.1.1.2 -> web client
70.1.1.3 -> squid proxy
80.1.1.3 -> web server

My firewall has external and internal interfaces (with the internal interface being 70.1.1.1).  My proxy is able to access my web server without issues.  My squid has just these three lines changed:

http_port 3128 transparent
http_access allow all
visible_hostname proxy

The baffling thing is the client can access the server but only if I explicitly tell it to use 70.1.1.3:3128.

I'm quite stumped and help would be appreciated.  Thx.

 - Joe