
Re: Squid 3.3 Intercept Proxy -- Traffic routing to Squid Box..Now what? :)

Hey All, I've followed the
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
guide and have my IPTABLE Firewall correctly routing HTTP traffic. My
Firewall and Squid are different devices.

Client --> RouterA --> DMZ(Squid) --> RouterA --> Internet

I verified traffic is getting routed to the Squid box by doing a tcpdump on the
Squid box, where I see traffic coming in for external IPs for port 80.

I'm not sure what steps to perform next, as well as how this will
theoretically work since Squid is receiving traffic with a destination IP
that isn't its own. For example, client tries to connect to 8.8.8.8:80

Client -- 8.8.8.8:80 --> RouterA (Policy Marks and pushes to Squid) -- 8.8.8.8:80 --> Squid

The tcpdump sees source as Client's IP and the Destination as 8.8.8.8 with
TCP 80 yada yada.

RouterA's IPTABLE
iptables -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 2
iptables -A PREROUTING -s $CLIENT-SUBNET -p tcp -m tcp --dport 80 -j MARK --set-mark 2
iptables -A PREROUTING -m mark --mark 2 -j ACCEPT

# ip rule
from all fwmark 2 lookup proxy

# ip route list table proxy
default via $SQUIDIP dev eth1

Squid IPTABLE
iptables -A PREROUTING -s $SQUID_DMZ_IP -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -A POSTROUTING -j MASQUERADE 



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-3-Intercept-Proxy-Traffic-routing-to-Squid-Box-Now-what-tp4660046p4660058.html
Sent from the Squid - Users mailing list archive at Nabble.com.
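
On the question of how a listener can serve traffic whose destination IP is not its own, the following is an added example, not part of the original post and not Squid's code. It shows the Linux netfilter mechanism: the REDIRECT rule rewrites the destination to the local box on port 8080, and the listener recovers the pre-rewrite destination from conntrack with the SO_ORIGINAL_DST socket option. The function names are hypothetical, and port 8080 is taken from the REDIRECT rule in the post.

```python
import socket
import struct
from typing import Tuple

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; not exported by Python's socket module


def parse_sockaddr_in(raw: bytes) -> Tuple[str, int]:
    """Decode a struct sockaddr_in (as returned by SO_ORIGINAL_DST) into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)     # sin_family: host byte order
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port, addr = struct.unpack_from("!H4s", raw, 2)  # sin_port, sin_addr: network order
    return socket.inet_ntoa(addr), port


def original_dst(conn: socket.socket) -> Tuple[str, int]:
    """Ask netfilter conntrack which address the client was really connecting to."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    return parse_sockaddr_in(raw)


def serve(listen_port: int = 8080) -> None:
    """Accept redirected connections and print both views of the destination."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", listen_port))
        srv.listen()
        while True:
            conn, client = srv.accept()
            with conn:
                local = conn.getsockname()  # rewritten by REDIRECT: this box, port 8080
                try:
                    dst = original_dst(conn)  # e.g. ('8.8.8.8', 80), the pre-rewrite target
                except OSError as exc:  # no NAT entry: the client connected to us directly
                    print(f"{client} -> {local}: no original destination ({exc})")
                    continue
                print(f"{client} -> local {local}, original destination {dst}")


if __name__ == "__main__":
    serve()
```

Run on the box that holds the REDIRECT rule, each intercepted connection prints the local address next to the address the client dialled.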
