On 28/09/11 07:37, Jeff MacDonald wrote:
Hi,

My setup is such that from home, I connect to a remote openvpn host which is running IPtables. That machine then redirects all traffic with rules like this:

iptables -t nat -A PREROUTING -i tun0 -s ! 10.17.0.3 -p tcp --dport 80 -j DNAT --to 10.17.0.3:3128
iptables -t nat -A POSTROUTING -o tun0 -s 10.111.111.0/24 -d 10.17.0.3 -j SNAT --to 10.111.111.1

Where 10.111.111.0/24 is my VPN, and 10.17.0.3 is my squid server.

The problem with this scenario is that all requests appear to come from 10.17.0.2, the openvpn server. Which defeats our purpose of putting this proxy in place.. to catch a slacker who is wasting company time.

Thoughts? Any way we can use iptables better for this redirection?
You require TPROXY on the interception server.
http://wiki.squid-cache.org/Features/Tproxy4

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.12
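
An added example, not part of the thread and not the Squid project's own script: the mangle-table and policy-routing commands a TPROXY setup on the Squid host typically needs, plus a filter that picks address-rewriting NAT rules out of `iptables-save` output, since those are what hide the client address. The port 3129, mark 1, routing table 100 and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: TPROXY rules for the host that runs Squid.
# Assumptions (not from the thread):
#   - squid.conf contains "http_port 3129 tproxy"
#   - firewall mark 1 and routing table 100 are unused on this host
#   - the VPN gateway routes port-80 traffic here without DNAT/SNAT,
#     so packets arrive with their original source and destination

TPROXY_PORT="${TPROXY_PORT:-3129}"   # assumed Squid tproxy port
FWMARK="${FWMARK:-1}"                # assumed free firewall mark
RT_TABLE="${RT_TABLE:-100}"          # assumed free routing table

# Print the commands one per line so they can be reviewed before use.
tproxy_rules() {
    cat <<EOF
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $FWMARK
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark $FWMARK/$FWMARK --on-port $TPROXY_PORT
ip rule add fwmark $FWMARK lookup $RT_TABLE
ip route add local 0.0.0.0/0 dev lo table $RT_TABLE
EOF
}

# Read rules in iptables-save format on stdin and print the ones that
# rewrite addresses. Any such rule on the path to Squid replaces the
# client's source IP before the proxy can log it.
address_rewrites() {
    grep -E -- '-j (SNAT|DNAT|MASQUERADE|REDIRECT)' || true
}

# Default action: show the rule set.
tproxy_rules
```

On the gateway, `iptables-save -t nat | address_rewrites` lists the rules that would have to be replaced by plain routing before Squid can see the real client addresses.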