I am trying to put together a system with Debian 2.6 kernel, iptables 1.3.1, squid and snort all on one box. (It's for a very small network, 8 - 10 PCs.)

My question is this: if I put this into my iptables rules:

    iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.1 -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128

will this traffic then pass through the OUTPUT chain before it leaves the firewall, so that I can then put:

    iptables -A OUTPUT -p tcp --dport 80 -j QUEUE

after the above so that snort-inline will monitor all outgoing port 80 traffic after it's been "squidded"?

Please help with any other suggestions on how to do this better.

Thank you in advance.

Thomas J. Raef
e-Based Security, Inc.
"You're either hardened, or you're hacked!"