routing VPN users through transparent Squid using iptables

 Hello all!

I'm hoping someone can help me out - I've been tearing my hair out over this!

I have pptpd and squid set up. I want to give these users access to the internet, but would like to send http traffic through a squid proxy.

Hopefully this rough diagram will give you an idea of what I'm trying to achieve:

[CODE]

VPN users connect to pptpd (via eth0)
    \ | /
      |
      |
     / \
 http   everything else
   |     |
   |     |
   |     |
squid    |
   |     |
    \   /
     \ /
      |
     NAT
      |
  internet (via eth0)
[/CODE]

If I set up the following iptables rule, users can connect to the internet:
[CODE]iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE[/CODE]

I can also connect to squid and it works as expected.

Now, I was hoping another simple rule would redirect all http traffic through squid: [CODE]iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j REDIRECT --to-port 3128[/CODE]

But this doesn't seem to work (I'm also hoping ppp+ is the correct formatting for a wildcard?). HTTP traffic is never redirected and bypasses the proxy.

Can anyone suggest how to get this working?

I don't really know much about this stuff I'm afraid. I would also love some recommendations for ways in which I can debug the system, e.g. which log files to look at, tcpdump commands etc. I find the iptables documentation extremely bewildering!

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
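As an added example (not from the original post or the netfilter list), a small sh script that applies the two rules from the question together with IP forwarding, and a debugging check that reads the NAT counters to tell whether HTTP packets from the VPN clients are actually hitting the REDIRECT rule. Interface and port names follow the question; the Squid interception setting in the comments is an assumption about the poster's Squid version.

```shell
#!/bin/sh
# Added example (not from the original post): apply the transparent-proxy
# rules from the thread and check whether the REDIRECT rule is being hit.
# Assumptions: Squid listens on 3128 in interception mode
# ("http_port 3128 transparent" on Squid 2.6/3.0, "intercept" on 3.1+),
# clients arrive on ppp+ interfaces and leave via eth0.
SQUID_PORT=${SQUID_PORT:-3128}
WAN_IF=${WAN_IF:-eth0}
CLIENT_IF=${CLIENT_IF:-ppp+}

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# The ruleset the poster is aiming for: forwarding on, HTTP from VPN
# clients redirected to Squid, everything else masqueraded out of eth0.
setup_redirect() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -i "$CLIENT_IF" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Debugging aid: read "iptables -t nat -L PREROUTING -v -n" output on
# stdin and print the packet counter of the dport-80 REDIRECT rule
# ("none" if no such rule is loaded). A counter that stays at 0 while a
# client browses means packets never reach the rule (wrong interface,
# forwarding off, rule ordering), not a Squid problem.
redirect_pkts() {
    awk '$3 == "REDIRECT" && /dpt:80/ { print $1; found = 1 }
         END { if (!found) print "none" }'
}

# Live usage (as root):
#   setup_redirect
#   iptables -t nat -L PREROUTING -v -n | redirect_pkts
#   tcpdump -ni ppp0 'tcp port 80'      # should show client SYNs arriving
#   tail -f /var/log/squid/access.log   # should show the redirected requests
```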

