Eliezer Croitoru <eliezer <at> ngtech.co.il> writes:

>
> Hey,
>
> I was wondering to myself?
> Why do you intercept traffic using Amazon?
> You should host your proxy close enough to have good response time which
> is ok if Amazon is close enough.
>
> In order to perform your goal you will need to use the right interfaces
> rules in IPTABLES.
>
> What are you using on the client machine?
> And also do you expect the squid box to use its own IP as a src or the
> client IP?
> If you have an example on the IP level I might be able to compose an
> example that should work for you.
>
> Eliezer

The short answer is I need a transparent proxy (URL rewrite and traffic inspection) behind a VPN (going for the security, not for speed; cache will not be used; proxy only).

Amazon VPC - 10.0.0.0/16 (subnet goes under that CIDR)
VPN client - ex: iPhone (10.100.0.0/16 virtual pool)
vpn - 10.0.1.2
squid - 10.0.1.3 (in practice it would go under 10.0.2.0/24 and use NAT to go to WAN, but for making this simpler I use the same subnet)

I am not very good with Linux networking, so I think most of the issue is with networking and routing.

My first attempt using VPC with this setup ended up with the VPN client not able to access anywhere. I suspect routing was not correct because I can see the DNS request and answer and some traffic going to the web site, but there is no response coming back to the client.

I am using (similar steps in both guides):

http://www.tldp.org/HOWTO/TransparentProxy-6.html
http://lartc.org/howto/lartc.cookbook.squid.html

I am in the process of reconfiguring from scratch. If you have a sure way of making this work, let me know. Basically, the VPN setup is not an issue, but routing traffic to the remote SQUID server and back is something that I am not able to do successfully.

Thanks,