[K12OSN] iptables and prerouting for squid

KJ ksj2010 at myrealbox.com
Tue Nov 16 20:12:36 UTC 2004


Hey Cory,
Yes, the clients are still being sent to the internet.  I am set up as such:
Server w/ eth0 (internal) set up with 192.168.0.254/255.255.255.0 and 
DHCP'ing to the clients (only 1 currently connected).

Same box w/ eth1 (external) connected to my internal network w/ a DHCP 
assigned address from my router of 192.168.2.17/255.255.255.0

From your question I changed (briefly) my network to 10. etc. and 
re-initialized the NIC, no change in behavior.

I'm having a disconnect in my mind of how the logic of this works.  If I 
have a Terminal session going to the LTSP/Squid server, how is the 
iptables entry supposed to route the traffic? Doesn't the LTSP/Squid box 
see the page requests as originating from itself and just plain route 
them to the outside?

Thanks!
KJ

Cory Cartwright wrote:

>The clients still get NATted to the internet? What is the IP range for
>the other interface? Is it the same subnet?
>
>
>On Tue, 2004-11-16 at 13:38, KJ wrote:
>
>>I must have something set up incorrectly.  I used -s 
>>192.168.0.0/255.255.255.0 (and dropped the -i eth0) from the entry and 
>>it's still not doing anything.
>>
>>I'm baffled.
>>Thanks for your insight.
>>KJ
>>
>>
>>Cory Cartwright wrote:
>>
>>>One easy way to tell is to change your PREROUTING to filter based on source
>>>17x.xxx.xxx.xxx/xx instead of -i
>>>Good luck!
>>>
>>>Cory
>>>
>>>On Tue, 2004-11-16 at 11:11, KJ wrote:
>>>
>>>>I think it's a great question.  eth0 is my internal LAN. 
>>>>
>>>>My setup is that I have one LTSP box to serve my 10 computers.  It has 
>>>>two LAN cards, one is connected to the thin clients and the other is 
>>>>connected to my internal LAN (which the teachers are on). The LTSP 
>>>>sessions are the ones that I am attempting to route into squidguard. 
>>>>
>>>>Maybe this is my problem, I have the requests coming in from the thin 
>>>>clients, the server thinks it is coming from itself and routes it out to 
>>>>the internet.  Does that make sense?
>>>>
>>>>thanks again!
>>>>KJ
>>>>
>>>>Cory Cartwright wrote:
>>>>
>>>>>Sorry if this is a dumb question, but is eth0 your internal LAN? Maybe
>>>>>instead specify the address -s 172.x.x.x/xx  (put your subnet in) and
>>>>>remove -i eth0
>>>>>
>>>>>Cory
>>>>>
>>>>_______________________________________________
>>>>K12OSN mailing list
>>>>K12OSN at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/k12osn
>>>>For more info see <http://www.k12os.org>
>
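
On the question raised in this message: netfilter passes packets generated by processes on the box itself through the nat OUTPUT chain, never PREROUTING, so browsers running in LTSP sessions on the server are not matched by a PREROUTING redirect. The script below is an added example, not code from the thread; it prints a redirect rule for each path and audits a saved ruleset, assuming Squid listens on port 3128 and runs as user `squid` (both assumptions, not stated in the thread).

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Squid listens on port
# 3128 and runs as user "squid". The 192.168.0.0/255.255.255.0 subnet is
# the thin-client side described in the post.
SQUID_PORT=3128
SQUID_USER=squid

# Print (do not apply) the two nat rules; review, then run them as root.
squid_redirect_rules() {
    # Forwarded traffic: packets arriving from other machines on the LAN.
    echo "iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # Local traffic: browsers running on this box. Squid's own uid is
    # exempt so its outbound fetches are not redirected back to itself.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $SQUID_USER -j REDIRECT --to-ports $SQUID_PORT"
}

# Audit `iptables -t nat -S` style lines on stdin; one finding per path.
audit_squid_redirect() {
    pre=0; out=0; exempt=0
    while IFS= read -r rule; do
        # Only port-80 REDIRECT rules matter here.
        case "$rule" in *"--dport 80 "*REDIRECT*) ;; *) continue ;; esac
        case "$rule" in
            "-A PREROUTING"*) pre=1 ;;
            "-A OUTPUT"*) out=1
                case "$rule" in *"! --uid-owner"*) exempt=1 ;; esac ;;
        esac
    done
    if [ "$pre" -eq 1 ]; then echo "forwarded: redirected"; else echo "forwarded: direct"; fi
    if [ "$out" -eq 0 ]; then echo "local: direct"
    elif [ "$exempt" -eq 0 ]; then echo "local: redirected, proxy not exempt"
    else echo "local: redirected"; fi
}

# Constructed sample: a ruleset with only the PREROUTING redirect.
SAMPLE_PREROUTING_ONLY='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

printf '%s\n' "$SAMPLE_PREROUTING_ONLY" | audit_squid_redirect
```

A "local: direct" finding means web requests from sessions running on the server leave without passing through the proxy, which is the behaviour described in this thread.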



