Mon 2006-11-06 at 15:41 -0800, John Oliver wrote:
> I've been Googling and testing and trying and massaging, but nothing is
> working. Every example I find about how to do this is different. Most
> are assuming that Squid is running on the same box as iptables, which is
> *not* the case for me.

Doing this when the proxy is not running on the router is a little trickier, but not impossible.

For best results I recommend you move the proxy to a separate network interface and use the following rules to policy route port 80 traffic sessions initiated from the internal network and have it forwarded to the proxy:

internal=eth0
proxy=192.168.2.2

iptables -t mangle -A PREROUTING -i $internal -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i $internal -j CONNMARK --restore-mark
ip rule add pref 1000 fwmark 1 table 1
ip route add table 1 default via $proxy

Then on the proxy you need the normal interception rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

It is also possible to do a similar setup while having the proxy in the same LAN as the clients, but the setup then either becomes more complex, or plagued by MTU issues.

Regards
Henrik
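The rule set above, wrapped as an added example script (not Henrik's own script or anything from the Squid project): it parameterises the internal interface, the proxy address and Squid's port, validates the proxy address before touching the routing tables, and has a DRY_RUN mode that prints the commands instead of executing them so the generated rules can be reviewed first. The interface names and the address 192.168.2.2 are constructed placeholders. Note that the router-side rules match only traffic arriving on the internal interface, which is what keeps the proxy's own outbound port 80 connections (arriving on the proxy's interface) from being looped back to it.

```shell
#!/bin/sh
# Added example, not code from the original post. Parameterised version of the
# router-side (policy routing) and proxy-side (REDIRECT) rules. Interface names
# and the proxy address are constructed placeholders. Set DRY_RUN=1 to print the
# commands instead of running them (running them requires root on the router).

is_ipv4() {
  # Accept only a dotted quad with every octet numeric and in the range 0-255.
  echo "$1" | awk -F. '
    NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
    { exit 1 }'
}

run() {
  # Echo the command in dry-run mode, otherwise execute it.
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Router side. Mark NEW port-80 sessions coming in on the internal interface,
# copy the connection mark onto every packet of those sessions, then policy
# route marked packets to the proxy via routing table 1.
router_rules() {
  internal="$1"; proxy="$2"
  is_ipv4 "$proxy" || { echo "invalid proxy address: $proxy" >&2; return 1; }
  run iptables -t mangle -A PREROUTING -i "$internal" -m state --state NEW \
      -p tcp --dport 80 -j CONNMARK --set-mark 1
  run iptables -t mangle -A PREROUTING -i "$internal" -j CONNMARK --restore-mark
  run ip rule add pref 1000 fwmark 1 table 1
  run ip route add table 1 default via "$proxy"
}

# Proxy side. Redirect intercepted port-80 traffic to Squid's listening port
# (3128 by default, as in the post).
proxy_rules() {
  iface="$1"; port="${2:-3128}"
  run iptables -t nat -A PREROUTING -i "$iface" -p tcp --dport 80 \
      -j REDIRECT --to-port "$port"
}

# Example invocation (constructed values): review first, then apply for real.
# DRY_RUN=1 router_rules eth0 192.168.2.2
# DRY_RUN=1 proxy_rules eth0 3128
```

Run it with DRY_RUN=1 on both boxes first and compare the printed commands against the rules in the post; only the router-side function is needed on the router and only the proxy-side function on the Squid host.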