Problems with Squid on a DMZ
Hello.
I installed Squid Cache: Version 2.7.STABLE3 on Lenny, which is on a box in a DMZ. This is the network:
internet -------------- FIREWALL / iptables ----------- LAN
                                 |
                                 |
                                DMZ
I would like all http traffic from the LAN cached on the box in the DMZ. I set the Squid server as:
# Port Squid listens on
http_port 192.168.3.100:3128 transparent
# Access-lists (ACLs) will permit or deny hosts to access the proxy
acl lan-access src 192.168.2.0/255.255.255.0
acl lan-access src 192.168.3.0/255.255.255.0
acl localhost src 127.0.0.1
acl all src 0.0.0.0/0.0.0.0
# Access rule
http_access allow localhost
http_access allow lan-access
http_access deny all
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_dir ufs /var/log/squid/cache 5000 16 256
I have this set in the firewall:
iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp \
--dport 80 -j DNAT --to-destination $SQUID_SERVER:3128
But I can't get the traffic forwarded to the DMZ.
Is the Squid configuration correct?
Do I need to add another chain to the firewall?
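Added example, not part of the original post: after the nat PREROUTING rule rewrites the destination, the packet is routed through the filter table's FORWARD chain, so a DNAT rule only takes effect if FORWARD also accepts the new connection to the rewritten address and port. This Python check runs over a constructed iptables-save excerpt; eth1 standing in for $LAN_IFACE and the DROP policy are assumptions, and negated matches and user-defined chains are not handled.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not from the post); eth1 and the DROP policy are assumed.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.3.100:3128
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def opt(tok, *names):
    """Value following the first of `names` found in a tokenised rule, else None."""
    for name in names:
        if name in tok:
            return tok[tok.index(name) + 1]
    return None

def admits(rule, iface, ip, port):
    """True if a FORWARD ACCEPT rule matches the first packet of the redirected flow."""
    state, dst = opt(rule, "--state", "--ctstate"), opt(rule, "-d")
    return ((state is None or "NEW" in state.split(","))
            and opt(rule, "-i") in (None, iface)
            and opt(rule, "-p") in (None, "tcp")
            and opt(rule, "--dport") in (None, port)
            and (dst is None or ipaddress.ip_address(ip)
                 in ipaddress.ip_network(dst, strict=False)))

def unforwarded_dnat(dump):
    """DNAT targets (ip:port) that no filter/FORWARD ACCEPT rule lets through."""
    table, policy, dnat, accepts = None, "ACCEPT", [], []
    for line in dump.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif table == "filter" and tok[0] == ":FORWARD":
            policy = tok[1]
        elif table == "nat" and tok[:2] == ["-A", "PREROUTING"] and opt(tok, "-j") == "DNAT":
            ip, _, port = opt(tok, "--to-destination").partition(":")
            dnat.append((opt(tok, "-i"), ip, port))
        elif table == "filter" and tok[:2] == ["-A", "FORWARD"] and opt(tok, "-j") == "ACCEPT":
            accepts.append(tok)
    if policy == "ACCEPT":  # simplification: explicit DROP/REJECT rules are ignored
        return []
    return [f"{ip}:{port}" for iface, ip, port in dnat
            if not any(admits(r, iface, ip, port) for r in accepts)]
```

On a real firewall, pass the text printed by iptables-save to unforwarded_dnat(); an empty list means every DNAT target has a FORWARD rule that accepts new connections to it.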