I believe so. The specific command I used was: iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT --to-port 3128 (For some reason my adapter is ens33, I have no idea why it's not eth0. Squid is set to run on 3128.) And after running this command port 80 now shows as being open with nmap. And the output from iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination It's fair to say I have almost no experience with iptables. Is it iptables that should be doing the address translation? when the packet is sent back to the client? -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone Sent: 07 September 2016 09:28 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Transparent Proxy On Wednesday 07 September 2016 at 10:23:02, John Sayce wrote: > I'm trying to set up a transparent proxy but I'm fairly sure I'm > missing something. > > I've followed the instructions on the juniper website along with a > couple of other blogs as per: > https://damn.technology/using-squid-juniper-pbr-transparent-proxy You *have* applied the iptables rule on the machine running squid as described on that page, yes? iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 Antony. -- This email was created using 100% recycled electrons. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
