iptables Transparent Proxy Configuration

Neil Symons neil at goldweb.com.au
Fri Jul 26 02:06:41 EST 2002

I want to transparently redirect port 80 on a router to a proxy server
and I have been guided to use the following lines.

iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp \
	 --dport 80 -j DNAT --to squid-box:3128 

iptables -t nat -A POSTROUTING -o eth0 -s local-network \
	 -d squid-box -j SNAT --to iptables-box 

iptables -A FORWARD -s local-network -d squid-box -i eth0 \
	 -o eth0 -p tcp --dport 3128 -j ACCEPT 

These all work; however, I have discovered two problems.

1) When I connect to the router's own web port I get redirected to the
proxy server, which I don't want.

2) I want my proxy server to be able to connect to the real world by port
80 through the proxy server.

Can someone guide me to what other rules I need to fulfill this and the
order they have to go in?

-- Neil

> Neil Symons <neil at goldweb.com.au>                        <
> Goldweb Internet - (02) 62530059 BH  (0500) 528932 AH    <
> ICQ / UIN: 5255597 |  http://www.goldweb.com.au/~neil/   <
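
The rule order the question asks about, as an added example that is not part of the original post: an exception for the router's own address has to be appended to nat PREROUTING before the DNAT rule, because the first matching rule in the chain decides the packet's fate. The addresses are constructed placeholders for iptables-box, squid-box and local-network. The two final FORWARD rules assume that item 2 means squid-box fetching pages from outside web servers through the router, and that the FORWARD policy is restrictive.

```shell
#!/bin/sh
# Added example; every address below is a constructed placeholder.
ROUTER_IP=192.168.1.1      # stands in for "iptables-box"
SQUID_IP=192.168.1.2       # stands in for "squid-box"
LAN_NET=192.168.1.0/24     # stands in for "local-network"
LAN_IF=eth0                # interface named in the post
IPT="${IPT:-echo iptables}"  # dry run by default; set IPT=iptables to apply

proxy_rules() {
    # 1. Exception first: HTTP addressed to the router itself leaves the
    #    nat PREROUTING chain here and never reaches the DNAT rule.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -d "$ROUTER_IP" \
         -p tcp --dport 80 -j ACCEPT

    # 2. Redirect the remaining LAN HTTP traffic to squid. "! -s" keeps
    #    squid's own port-80 requests out of the redirect (no loop).
    $IPT -t nat -A PREROUTING -i "$LAN_IF" ! -s "$SQUID_IP" \
         -p tcp --dport 80 -j DNAT --to-destination "$SQUID_IP:3128"

    # 3. Clients and squid share a segment, so rewrite the source address;
    #    squid then replies via the router instead of directly.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SQUID_IP" \
         -j SNAT --to-source "$ROUTER_IP"

    # 4. Let the redirected connections through the filter table.
    $IPT -A FORWARD -s "$LAN_NET" -d "$SQUID_IP" -i "$LAN_IF" -o "$LAN_IF" \
         -p tcp --dport 3128 -j ACCEPT

    # 5. Assumption: squid fetches origin pages through this router, so
    #    allow its outbound port 80 and the replies that come back.
    $IPT -A FORWARD -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -d "$SQUID_IP" -m conntrack \
         --ctstate ESTABLISHED,RELATED -j ACCEPT
}

proxy_rules   # prints the six commands in the order they must be loaded
```

Run as-is it only prints the commands; run with `IPT=iptables` as root on a box with empty chains to apply them.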
