My setup is Gateway plus Webserver (Nginx)
I'm running transparent-ssl and this is my iptables config -
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.0.8"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3129"
SQUID_PORTS="3130"
#Allowing All Incoming HTTP and HTTPS
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
#Allow outbound DNS
iptables -A INPUT -p udp --source-port 53 -j ACCEPT
#iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
#iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3129 ($SQUID_PORT) aka transparent proxy (http)
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# DNAT port 443 request comming from LAN systems to squid 3130 ($SQUID_PORTS) aka transparent proxy (https)
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 443 -j DNAT --to $SQUID_SERVER:$SQUID_PORTS
# squid server IP
SQUID_SERVER="192.168.0.8"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3129"
SQUID_PORTS="3130"
#Allowing All Incoming HTTP and HTTPS
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
#Allow outbound DNS
iptables -A INPUT -p udp --source-port 53 -j ACCEPT
#iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
#iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3129 ($SQUID_PORT) aka transparent proxy (http)
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# DNAT port 443 request comming from LAN systems to squid 3130 ($SQUID_PORTS) aka transparent proxy (https)
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 443 -j DNAT --to $SQUID_SERVER:$SQUID_PORTS
With the above settings, I can access my webserver in local (192.168.0.8) but when outside (12.345.45.23) it refuses.
Is it my setting on squid or iptables that is causing the conflict? and how do i resolve it, please?
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
