Good day,

My setup is:

wlan0 ----> br0 -----> eth0 =====> router
internal    internal   internal
10.0.0.5    10.0.0.4   10.0.0.3    10.0.0.2
(apache:80) (squid:3128) (iptables)

I am running Debian 7 with a few servers on it. Everything is fine. Squid is fine if I configure browsers to use the proxy 10.0.0.5:3128. However, all internal clients can still connect to the internet if I do not tell them to go through the proxy.

I have a simple iptables setup:

####################################################################################
# Generated by iptables-save v1.4.14 on Sat Mar 22 16:28:57 2014
*nat
:PREROUTING ACCEPT [76:4907]
:INPUT ACCEPT [24:1899]
:OUTPUT ACCEPT [117:9446]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Mar 3 16:28:57 2014
# Generated by iptables-save v1.4.14 on Mon Mar 3 16:28:57 2014
*filter
:INPUT ACCEPT [462:67612]
:FORWARD ACCEPT [112:5720]
:OUTPUT ACCEPT [354:42889]
-A FORWARD -s 10.0.0.0/24 -i eth0 -o wlan0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Mar 22 16:28:57 2014
####################################################################################

How would I go about routing all the local clients to squid's port 3128?

I have tried the following, but it doesn't work:

-t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128

Thank You

Danny
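An added example, not part of the original message: a small audit of the ruleset above that reports why forwarded client HTTP never reaches Squid. The nat OUTPUT chain only sees packets generated on the host itself, while forwarded packets traverse nat PREROUTING. The function names and finding strings are hypothetical, and the embedded ruleset is an abridged copy of the post's dump with the three attempted OUTPUT rules written as -A lines.

```python
import shlex

# Constructed input: the post's dump (abridged, counters kept) plus the three
# attempted nat OUTPUT rules expressed in iptables-save form.
RULESET = """\
*nat
:PREROUTING ACCEPT [76:4907]
-A POSTROUTING -j MASQUERADE
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD ACCEPT [112:5720]
-A FORWARD -s 10.0.0.0/24 -i eth0 -o wlan0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[table, chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Simplification: every option takes one value, no "!" negation.
            rules.append((table, tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def audit(text, http="80", proxy="3128"):
    """Return findings explaining why forwarded HTTP is not sent to the proxy."""
    policies, rules = parse(text)
    chains = {c for t, c, o in rules if t == "nat" and o.get("-j") == "REDIRECT"
              and o.get("--dport") == http and o.get("--to-ports") == proxy}
    findings = []
    if "OUTPUT" in chains:
        findings.append("redirect-in-OUTPUT-matches-only-local-traffic")
    if "PREROUTING" not in chains:
        findings.append("no-redirect-in-PREROUTING-for-forwarded-clients")
        if policies.get(("filter", "FORWARD")) == "ACCEPT":
            findings.append("FORWARD-policy-ACCEPT-lets-clients-bypass-proxy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULESET)))
```

Interception also requires that clients actually route through this host and that Squid accepts intercepted connections (the `intercept` flag on `http_port` in Squid 3.1 and later).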