transparent proxy

Antonio M antonio.montagnani at gmail.com
Fri Feb 29 11:39:31 UTC 2008 

2008/2/29, Antonio M <antonio.montagnani at gmail.com>:
> My router (runnin F9) was acting as transparent proxy....
>  This morning when connecting my Skype fon it didn't connect!!! well I
>  connected my laptop and I was not able to surf the net, to read
>  e-mails. I was surprised because It worked fine since a long time.
>  My router has two NIC's, from the laptop I could not ping my modem!!
>  I mad ethe following tests:
>  I connected Firefox by Squid (and it was o.k.)
>  I disabled the forward HTTP connections to Squid Proxy putting a # in
>  front of line -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j
>  REDIRECT --to-ports 3128
>
>  What is wrong (iptables or squid)???
>  iptables-1.3.8-6.fc9
>  squid-3.0.STABLE1-3.fc9
>
>  I think squid as latest release was installed two days ago, while
>  iptables is much older.
>
>  As attachment you will find my squid.conf file
>
>
>  # Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
>  *nat
>  :OUTPUT ACCEPT [0:0]
>  :PREROUTING ACCEPT [0:0]
>  :POSTROUTING ACCEPT [0:0]
>  -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
>  # Forward HTTP connections to Squid proxy
>  -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
>  COMMIT
>  # Completed on Sun Nov 11 10:15:45 2007
>  # Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
>  *mangle
>  :PREROUTING ACCEPT [138:11158]
>  :INPUT ACCEPT [50:6740]
>  :FORWARD ACCEPT [88:4418]
>  :OUTPUT ACCEPT [41:6038]
>  :POSTROUTING ACCEPT [129:10456]
>  COMMIT
>  # Completed on Sun Nov 11 10:15:45 2007
>  # Generated by iptables-save v1.3.8 on Sun Nov 11 10:15:45 2007
>  *filter
>  #Originale
>  #:INPUT ACCEPT [50:6740]
>  #:FORWARD ACCEPT [90:4518]
>  #:OUTPUT ACCEPT [41:6038]
>  #COMMIT
>  #fine originale
>  #inizio prova
>  :FORWARD DROP [0:0]
>  :INPUT DROP [0:0]
>  :OUTPUT ACCEPT [0:0]
>  -A INPUT -i lo -j ACCEPT
>  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A FORWARD -i eth0 -j ACCEPT
>  -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>  -A INPUT -i eth0 -j ACCEPT
>  COMMIT
>  #fine prova
>  # Completed on Sun Nov 11 10:15:45 2007
>
>
>  --
>  Antonio Montagnani
>  Skype : antoniomontag
>
>
I forgot to say that after disabling the connection to Squid everything was o.k.

-- 
Antonio Montagnani
Skype : antoniomontag

More information about the fedora-test-list mailing list