transparent proxy

Antonio M antonio.montagnani at gmail.com
Fri Feb 29 11:37:44 UTC 2008


My router (running F9) was acting as transparent proxy....
This morning when connecting my Skype fon it didn't connect!!! well I
connected my laptop and I was not able to surf the net, to read
e-mails. I was surprised because it worked fine for a long time.
My router has two NICs, from the laptop I could not ping my modem!!
I made the following tests:
I connected Firefox by Squid (and it was o.k.)
I disabled the forward HTTP connections to Squid Proxy putting a # in
front of line
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128

What is wrong (iptables or squid)???
iptables-1.3.8-6.fc9
squid-3.0.STABLE1-3.fc9

I think squid as latest release was installed two days ago, while
iptables is much older.

As attachment you will find my squid.conf file


# Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Sun Nov 11 10:15:45 2007
# Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
*mangle
:PREROUTING ACCEPT [138:11158]
:INPUT ACCEPT [50:6740]
:FORWARD ACCEPT [88:4418]
:OUTPUT ACCEPT [41:6038]
:POSTROUTING ACCEPT [129:10456]
COMMIT
# Completed on Sun Nov 11 10:15:45 2007
# Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
*filter
#Original
#:INPUT ACCEPT [50:6740]
#:FORWARD ACCEPT [90:4518]
#:OUTPUT ACCEPT [41:6038]
#COMMIT
#end of original
#start of test
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
#end of test
# Completed on Sun Nov 11 10:15:45 2007

-- 
Antonio Montagnani
Skype : antoniomontag
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.conf
Type: application/x-extension-conf
Size: 157270 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20080229/2574d73a/attachment.bin>

