Wundy wrote:
Greetings all!
I am currently trying to run a transparent proxy in a testing environment.
I have one VM with 2 network cards. 1 is set on vmnet2 the other one NAT to
the internet.
my server is running squid in transparent mode on the internal IP address of
192.168.0.12/24
and the client is set on 192.168.0.7/24 with it's default gateway pointing
towards 0.12.
now when I try to open iceweasel I cannot get through to the internet, when
I input my proxy settings, it does work.
how do I fix this ?
I tried redirecting traffic with IPtables but it didn't work,
here is the script I used:
eth2 is the internal lan
eth1 the internet
#!/bin/bash
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A OUTPUT -o eth2 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to
192.168.0.12:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 3128
best wishes
You should be able to use just:
iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -
REDIRECT -to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
squid.conf:
http_port 3128 transparent
If that still won't work:
- Ensure that your squid has ONLY one transparent option
(--enable-linux-netfilter) configured.
- Check that squid is receiving requests (access.log or cache.log)
- Check squid has access outbound (usually cache.log)
- Check whether NAT is failing (cache.log)
Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
