On Sat, 2014-03-22 at 15:38 +0200, Danny wrote: > However, all internal clients can still connect to the internet if I do not tell > them to go through the proxy. You need to to a DNAT on the packets before they hit the net. > How would I go about routing all the local clients to squid's port 3128? iptables -t NAT - A PREROUTING -p tcp --dport 80 -j DNAT\ --to-destination <squid_IP>:3128 that is the simplest way - you do need to change some of the squid config though. These days the TPROXY method is preferred though you should read http://wiki.squid-cache.org/Features/Tproxy4 Also it's worth reading more about DNAT and TPROXY in the man pages. -- Nikolai Lusan <nikolai@xxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
