[K12OSN] iptables and prerouting for squid

Cory Cartwright corycartwright at sbcglobal.net
Tue Nov 16 20:26:37 UTC 2004


to answer your last question, you are not changing the source address,
so the request is still coming from the client, as far as the router is
concerned.

could you send your iptables script?

Cory
corycartwright at sbcglobal.net


On Tue, 2004-11-16 at 15:12, KJ wrote:
> Hey Cory,
> Yes, the clients are still being sent to the internet.  I am set up as such:
> Server w/ eth0 (internal) setup with 192.168.0.254/255.255.255.0 and 
> DHCP'ing to the clients (only 1 currently connected).
> 
> same box w/ eth1 (external) connected to my internal network w/ a DHCP 
> assigned address from my router of 192.168.2.17/255.255.255.0
> 
> from your question I changed (briefly) my network to 10. etc. and 
> re-initialized the NIC, no change in behavior.
> 
> I'm having a disconnect in my mind of how the logic of this works.  If I 
> have a Terminal session going to the LTSP/Squid server how is the 
> iptables entry supposed to route the traffic, doesn't the LTSP/Squid box 
> see the page requests as originating from itself and just plain route 
> them to the outside?
> 
> Thanks!
> KJ
> 
> Cory Cartwright wrote:
> 
> >the clients still get natted to the internet? What is the ip range for
> >the other interface? Is it the same subnet?
> >
> >
> >On Tue, 2004-11-16 at 13:38, KJ wrote:
> >
> >>I must have something setup incorrectly.  I used -s 
> >>192.168.0.0/255.255.255.0 (and dropped the -i eth0) from the entry and 
> >>it's still not doing anything.
> >>
> >>I'm baffled.
> >>Thanks for your insight.
> >>KJ
> >>
> >>
> >>Cory Cartwright wrote:
> >>
> >>>One easy way to tell is change your PREROUTING to filter based on source
> >>>17x.xxx.xxx.xxx/xx instead of -i
> >>>good luck!
> >>>
> >>>Cory
> >>>
> >>>On Tue, 2004-11-16 at 11:11, KJ wrote:
> >>>
> >>>>I think it's a great question.  eth0 is my internal LAN. 
> >>>>
> >>>>My setup is that I have one LTSP box to serve my 10 computers.  It has 
> >>>>two LAN cards, one is connected to the thin clients and the other is 
> >>>>connected to my internal LAN (which the teachers are on) The LTSP 
> >>>>sessions are the ones that I am attempting to route into squidguard. 
> >>>>
> >>>>Maybe this is my problem, I have the requests coming in from the thin 
> >>>>clients, the server thinks it is coming from itself and routes it out to 
> >>>>the internet.  does that make sense?
> >>>>
> >>>>thanks again!
> >>>>KJ
> >>>>
> >>>>Cory Cartwright wrote:
> >>>>
> >>>>>Sorry if this is a dumb question, but is eth0 your internal LAN? Maybe
> >>>>>instead specify the address -s 172.x.x.x/xx  (put your subnet in) and
> >>>>>remove -i eth0
> >>>>>
> >>>>>Cory
> >>>>>
> >>>>_______________________________________________
> >>>>K12OSN mailing list
> >>>>K12OSN at redhat.com
> >>>>https://www.redhat.com/mailman/listinfo/k12osn
> >>>>For more info see <http://www.k12os.org>



