Hey,

Let's split the scenario into two different issues.
- interception
- routing

Since the squidbox is a router you need to first enable it to be a router and also to do NAT for DNS and other services to work.
Means that the MASQUERADE rule is fine but you should limit it only to the specific outgoing interface of the WAN side ie: ens192
And you should define the right iptables rules of the intercept ie:
This is wrong:
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0            tcp dpt:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.1.20:3129

Please post using a send the complete "iptables-save"
So I would be able to see what I'm suspecting.

Technically what you should have in the nat table is the next rule:
iptables -t nat -A PREROUTING -i ens192 -p tcp --dport 80 -j REDIRECT --to-port 3129

Then you can try to see using "watch -d iptables -t nat -L -nv" if the rules are being "hit" by the counter.
If the rule doesn't catch the traffic it should be accounted at the POLICY ACCEPT rule.

Let me know if it helps,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of erdosain9
Sent: Friday, July 21, 2017 17:19
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Squid as gateway

Hi, and thanks

The ROUTERWIFI is a TpLink TL-WR940N....
I don't see in this router any NAT option :-(

This is the routing table of the SquidBox

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.158.1      0.0.0.0         UG    0      0        0 ens192
10.1.158.0      0.0.0.0         255.255.255.0   U     0      0        0 ens192
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 ens160
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 ens192
192.168.0.0     192.168.1.40    255.255.255.0   UG    0      0        0 ens160
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ens160
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0        0 ens160
192.168.6.0     192.168.1.1     255.255.255.0   UG    0      0        0 ens160

If I enable ipv4 forwarding in SquidBox, the clients of the ROUTERWIFI can access internet, so I think the routing table is ok.... the clients can go to internet but just because ipv4 forwarding is enabled (the squid service is not getting anything, I don't see anything in the access.log...) if I disable ipv4 forwarding the clients don't go anyway.

This is iptables

[root@squid ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 383 packets, 42336 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0            tcp dpt:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.1.20:3129

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-as-gateway-tp4683022p4683200.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
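
Added example, not part of the original messages: a shell function that reads `iptables -t nat -L -nv` output and reports the three points raised in the reply above (an intercept rule not bound to an inbound interface, an intercept rule with no hits while the chain policy is counting packets, and a MASQUERADE rule not limited to an outgoing interface). The names `audit_nat` and `SAMPLE_NAT` are hypothetical, and the sample input is constructed from the nat table posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). On a live box, as root:
#   iptables -t nat -L -nv | audit_nat

audit_nat() {
    awk '
    # "Chain PREROUTING (policy ACCEPT 383 packets, ...)": remember chain and policy hits
    /^Chain / { chain = $2; policy = $5; next }
    # Skip the column header and blank lines
    $1 == "pkts" || NF < 9 { next }
    {
        pkts = $1; target = $3; in_if = $6; out_if = $7
        if (chain == "PREROUTING" && (target == "DNAT" || target == "REDIRECT")) {
            # Intercept rule should be tied to one inbound interface, not "*"
            if (in_if == "*")
                print "WARN " target " in PREROUTING matches every inbound interface"
            # Zero hits on the rule while the policy counts packets: traffic bypasses it
            if (pkts == 0 && policy > 0)
                print "WARN " target " in PREROUTING has 0 hits; chain policy counted " policy " packets"
        }
        # NAT should apply only to traffic leaving through the WAN interface
        if (chain == "POSTROUTING" && target == "MASQUERADE" && out_if == "*")
            print "WARN MASQUERADE is not limited to an outgoing interface"
    }'
}

# Constructed sample: the nat table as posted in the thread.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 383 packets, 42336 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0            tcp dpt:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.1.20:3129

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0'

printf '%s\n' "$SAMPLE_NAT" | audit_nat
```

An empty result means none of the three conditions matched; it does not confirm that Squid itself is receiving the redirected connections, which still has to be checked in access.log.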