Solved

problem in squid between L3-switch and router

Posted on 2016-09-26
4
40 Views
Last Modified: 2016-10-17
I need to config a squid server  between L3-switch and router without change configuration .  L3--->squid--->router
I installed a transparent squid  between the switch and the router in bridge mode, the switch has several vlans that speaks with a route.
All vlans can reach the router so bridging seems ok, but  i cant't see any log in squid's access.log  
my config as follows:
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1
/sbin/ifconfig eth0 0.0.0.0 promisc
/sbin/ifconfig eth1 0.0.0.0 promisc
/sbin/ifconfig br0 192.168.100.5 255.255.255.0 up
route add default gw 192.168.100.1 dev br0
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6  --ip-destination-port 80 -j redirect  --redirect-target ACCEPT --log --log-level=info --log-prefix="EBTAB" --log-ip
/sbin/iptables -t nat -A PREROUTING  -i br0 -p tcp --dport 80  -j REDIRECT --to-port 3128

after i did this,no log come and no packets in iptables's nat table
sorry for my bad english
Anyone have a suggestion on how to manage the transparent proxy mode inside the vlans?
0
Comment
Question by:young liu
  • 3
4 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 41818324
I look at your config - are you suer you need a bridge or you mean bonding/ifenslave?
1
 

Author Comment

by:young liu
ID: 41819008
@gheist
 thank you for your reply.
I really need to do this. my network traffic is so confused with a lot of vlan,acl  and qos policy,use a squid box  by NAT mode  will change the static route and network structure.so  I have to use a bridge  mode. i think this will not change the network structure
do you have any good suggestions
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points (awarded by participants)
ID: 41819193
To clear some confusion - bridge is L2, router is L3...
If you read on ebtables manual, you see that only FORWARD table will apply on the bridge.
Probably it is not a good idea to mix ebtables and iptables, either is a full framework on its own. (me never used ebtables)
NAT cannot work without IP address (see respective RFC)
0
 
LVL 61

Expert Comment

by:gheist
ID: 41846309
Hope it helped.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now