transparent squid not working

Alex Gutiérrez Martínez <alex@xxxxxxxxxxxxx> · Mon, 24 Sep 2018 10:36:46 -0400

Hi community, im tyin to configure a squid transparent proxy, i obtain 
internet thanks to a parent proxy. I have 3 Ip declare on my iptables 
config file 172.16.1.245 is the administration ip, 172.16.1.246 is my 
parent proxy ip and 192.168.137.0/24 is the lan segment where my client 
are. This is my config:

 #squid.conf

acl http port 80
http_access allow http
acl https port 443
http_access allow https
never_direct allow all
cache_peer 172.16.1.246 parent 804
http_port 3128 transparent
cache_mem 64 MB
cache_dir aufs /var/cache/squid 1024 16 256
acl mired src 192.168.137.0/24
acl localhost src 127.0.0.1/32
http_access allow mired
http_access allow localhost
http_access deny all
acl deny_ipaccess url_regex [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
http_access deny deny_ipaccess

#iptables config

##!/bin/sh
echo n Aplicando Reglas de Firewall...
## FLUSH de reglas
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Establecemos politica por defecto
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
## Empezamos a filtrar
# El localhost se deja (por ejemplo conexiones locales a mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 172.16.1.245 -j ACCEPT
iptables -A INPUT -s 172.16.1.246 -j ACCEPT
iptables -A INPUT -s 192.168.137.0/24 -j ACCEPT
#nat
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 80 -j 
REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 443 -j 
REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -d 172.16.1.14 -o 
enp0s3 -j MASQUERADE
#iptables save
iptables-save > /etc/iptables/rules.v4
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
# Fin del scrip

Can someone be so nice to explain to me wy this is not working.

Thanks in advance. Remember, always attack ideas, never people.

--
Saludos Cordiales

Lic. Alex Gutiérrez Martínez

Tel. +53 7 2710327

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users