Dear all,

I would like to set up a transparent web proxy with squid and iptables. I am using the squid package from linuxpackages (squid-2.5.STABLE9-i486-1maew), and I am running into some trouble!

I have followed a few howtos, and my squid is starting ok (squid -NCd1), but other machines on my isolated LAN cannot access the web.

My network configuration is a bit more complex, and I have a few constraints that I have to follow:

Isolated Lan -----| Proxy Box |-------Lan------| Firewall |-------INTERNET

The firewall (linux/iptables) is doing regular NAT and port forwarding. I cannot change this configuration.

My Proxy box (slackware10.1 / 2.6.11.6) has 2 IPs:
* Iso Lan : 192.168.2.1 (eth1)
* Lan : 192.168.0.80 (eth0)

I have a standard squid configuration with these ACLs:

*******
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
....
acl our_networks src 192.168.2.0/24
http_access allow our_networks
*****

and I have set up 1 rule for iptables:

iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -j REDIRECT --to-port 3128

*******
root@margaritas:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
*******

The configuration does not work as a transparent proxy, but if I set up my web browser to connect via my proxy, it works!
(at least I know my proxy works).

If anyone has any ideas, that would be great!

Regards,
Kevin.

Kevin Thackray
C&T Paradigm NV
BTW BE 0465.030.272 RPR Antwerpen
G. LeGrellelaan 10, B - 2020 Antwerpen
Tel +32(3)259 2266
mailto:kthackray@xxxxxxxxxxxxx