Re: Transparent Proxy & IPtables

Hi David!

I didn't try because my squid server is on another host.

I tried these rules:
       
1) iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:8080

2) iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box

3) iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 8080 -j ACCEPT

With these three rules, the transparent proxy works very well, but my
squid only receives connections from the firewall (logical, because of the
second rule). So, I don't have control (by squid) of what my users are
accessing on the internet.
I don't know the reason why the transparent proxy doesn't work with
rules 1 and 3 only. This is my true doubt.

       Thanks a lot,

       Tiago Fioreze

Quoting David Correa <tech@linux-tech.com>:

> 
> Did you try?
> 
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port $PORT
> 
> check http://www.tldp.org/HOWTO/mini/TransparentProxy.html#toc5
> 
> -- 
> David Correa
> Public Key http://www.linux-tech.com/linuxtech.asc
> Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
> 
> 


********************************************
*         Network Administrator            *
*                                          *
*     Núcleo de Ciência da Computação      *
*   Universidade Federal de Santa Maria    *
* Santa Maria - Rio Grande do Sul - Brasil *
********************************************
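
Added example (not part of the original message or of either poster's configuration): a small packet-path model of the three rules above, comparing rules 1+3 with rules 1+2+3. The addresses are constructed, and it assumes the clients and squid-box sit on the same LAN behind eth0, so squid-box can answer a client directly without passing through the firewall.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed addresses (assumptions): client and squid-box share one LAN behind eth0.
CLIENT, FIREWALL, SQUID, WEB = "10.0.0.50", "10.0.0.1", "10.0.0.2", "203.0.113.80"

def firewall_forward(pkt, conntrack, snat):
    """Rule 1 (DNAT to squid-box:8080) and, if snat is set, rule 2 (SNAT to the firewall)."""
    out = pkt._replace(dst=SQUID, dport=8080)
    if snat:
        out = out._replace(src=FIREWALL)
    # conntrack remembers how to map a reply back to the original tuple
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out

def squid_reply(pkt):
    """squid-box answers whatever source address it saw."""
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def firewall_reverse(reply, conntrack):
    """Undo NAT on a reply that actually passes through the firewall."""
    orig = conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
    return Pkt(orig.dst, orig.dport, orig.src, orig.sport)

def simulate(snat):
    conntrack = {}
    syn = Pkt(CLIENT, 40000, WEB, 80)          # client opens a connection to a web server
    at_squid = firewall_forward(syn, conntrack, snat)
    reply = squid_reply(at_squid)
    # Same LAN: a reply addressed to the client is delivered directly,
    # so the firewall never gets the chance to reverse the DNAT.
    if reply.dst == FIREWALL:
        reply = firewall_reverse(reply, conntrack)
    # The client's TCP stack only accepts a reply from the peer it connected to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return {"squid_sees": at_squid.src,
            "reply_from": f"{reply.src}:{reply.sport}",
            "client_accepts": accepted}

if __name__ == "__main__":
    for snat in (False, True):
        print("rules 1+2+3" if snat else "rules 1+3  ", simulate(snat))
```

With rules 1+3 squid-box sees the real client address, but its reply arrives from squid-box:8080 instead of the web server and the client discards it; with rule 2 added the reply returns through the firewall and is accepted, at the cost of squid-box seeing only the firewall's address.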