Good day.
I have a gateway with Squid running on it.
In iptables (172.20.1.1):
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -s 172.20.1.1 -p tcp -m multiport --dport 80,8080 -j REDIRECT --to-port 3128
-A POSTROUTING -o eth1 -j MASQUERADE
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 172.20.1.1 -j ACCEPT
-A FORWARD -d 172.20.1.1 -j ACCEPT
#Default Rule
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#lan
-A FORWARD -s 172.20.1.0/24 -j ACCEPT
-A FORWARD -d 172.20.1.0/24 -j ACCEPT
Everything is fine, everything works, everything gets redirected.
But then I decided to move Squid to another machine, 172.20.1.220.
On the gateway I added:
-A PREROUTING -s 172.20.1.1 -p tcp -m multiport --dport 80 -j DNAT --to-destination 172.20.1.220:3128
Squid details on 172.20.1.220:
/usr/sbin/squid -v
Squid Cache: Version 3.5.16-20160402-r14019
Service Name: squid
configure options: '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid' '--with-default-user=proxy' '--with-logdir=/var/log' '--with-pidfile=/var/run/squid.pid' '--enable-ssl' '--enable-ssl-crtd' '--enable-linux-netfilter' '--with-openssl' '--enable-icap-client' --enable-ltdl-convenience
acl localnet src 172.20.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
# Squid normally listens to port 3128
http_port 127.0.0.1:3128 intercept
http_port 172.20.1.220:3128
cache_dir ufs /var/cache/squid 100 16 256
coredump_dir /var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
It does not redirect (( But if I set the proxy manually, everything is OK.
LOG
tail -f /var/log/cache.log
2016/04/06 11:11:04 kid1| Store logging disabled
2016/04/06 11:11:04 kid1| DNS Socket created at [::], FD 9
2016/04/06 11:11:04 kid1| DNS Socket created at 0.0.0.0, FD 10
2016/04/06 11:11:04 kid1| Adding nameserver 172.20.1.1 from /etc/resolv.conf
2016/04/06 11:11:04 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2016/04/06 11:11:04 kid1| HTCP Disabled.
2016/04/06 11:11:04 kid1| Finished loading MIME types and icons.
2016/04/06 11:11:04 kid1| Accepting NAT intercepted HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 32 flags=41
2016/04/06 11:11:04 kid1| Accepting HTTP Socket connections at local=172.20.1.220:3128 remote=[::] FD 33 flags=9
And at the same time nothing shows up in tail -f /var/log/access.log; the browser just complains about a connection timeout.
I can't understand why it won't redirect.