iptables Transparent Proxy Configuration

Martin Schwenke martin at meltin.net
Fri Jul 26 11:28:30 EST 2002


>>>>> "Neil" == Neil Symons <neil at goldweb.com.au> writes:

    Neil> I want to Transparently redirect port 80 on a router to a
    Neil> proxy server and I have been guided to use the following
    Neil> lines.
    Neil> 
    Neil> iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp \
    Neil> --dport 80 -j DNAT --to squid-box:3128 
    Neil> 
    Neil> iptables -t nat -A POSTROUTING -o eth0 -s local-network \
    Neil> -d squid-box -j SNAT --to iptables-box 
    Neil> 
    Neil> iptables -A FORWARD -s local-network -d squid-box -i eth0 \
    Neil> -o eth0 -p tcp --dport 3128 -j ACCEPT 
    Neil> 
    Neil> 
    Neil> These all work; however, I have discovered two problems.
    Neil> 
    Neil> 1) When I connect to the Router's Own Web Port I get
    Neil>    redirected to the Proxy server which I don't want.

This traffic is being caught by the first rule, since your connection
probably isn't coming from the squid box.  Before that rule, you need
to put in an ACCEPT for http packets aimed at the router:

  iptables -t nat -A PREROUTING -i eth0 -d iptables-box -p tcp \
    --dport 80 -j ACCEPT

    Neil> 2) I want my proxy server to be able to connect to the real
    Neil>    world by port 80 through the [...] router.

This traffic isn't caught by any of the above rules?  What else are
you doing?  Do you have forwarding turned on?

peace & happiness,
martin

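Added example (mine, not part of the thread and not Martin's or Neil's
code): a small POSIX sh script that prints the rule set from this thread
in the order Martin's answer calls for, with the ACCEPT for HTTP aimed at
the router placed before the DNAT, the proxy excluded from redirection,
and the ip_forward sysctl Martin asks about.  It prints the commands rather
than running them, so it can be reviewed or piped to sh as root.  It uses
the current "! -s" negation syntax and --to-destination/--to-source instead
of the older "-s !" and "--to" forms in Neil's rules.  The addresses, the
interface name and the rule_position helper are assumptions made for the
illustration, not values from the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Emits the rules discussed above in the
# order that avoids Neil's first problem: the ACCEPT for HTTP aimed at the
# router must come before the DNAT, because nat PREROUTING is matched top
# down and the first match wins. It prints the commands instead of running
# them, so it can be reviewed (or piped to sh as root) without touching the
# kernel. Addresses are placeholders for the thread's squid-box, local-network
# and iptables-box, not real hosts (assumed values, RFC 5737 test range).
LAN_IF=${LAN_IF:-eth0}
IPTABLES_BOX=${IPTABLES_BOX:-192.0.2.1}      # the router's LAN address
SQUID_BOX=${SQUID_BOX:-192.0.2.10}           # the proxy
LOCAL_NET=${LOCAL_NET:-192.0.2.0/24}         # the LAN behind the router

transparent_proxy_rules() {
    cat <<EOF
# Forwarding must be on, or the router never relays the redirected packets.
sysctl -w net.ipv4.ip_forward=1
# 1. HTTP to the router itself is exempted first, before anything is redirected.
iptables -t nat -A PREROUTING -i $LAN_IF -d $IPTABLES_BOX -p tcp --dport 80 -j ACCEPT
# 2. Everyone else's port 80 goes to squid; the proxy's own fetches are excluded
#    with "! -s" so they are not looped back into the proxy.
iptables -t nat -A PREROUTING -i $LAN_IF ! -s $SQUID_BOX -p tcp --dport 80 -j DNAT --to-destination $SQUID_BOX:3128
# 3. Same-subnet hairpin: rewrite the source so squid replies via the router.
iptables -t nat -A POSTROUTING -o $LAN_IF -s $LOCAL_NET -d $SQUID_BOX -j SNAT --to-source $IPTABLES_BOX
# 4. Let the redirected LAN -> squid traffic through the filter table.
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LOCAL_NET -d $SQUID_BOX -p tcp --dport 3128 -j ACCEPT
EOF
}

# Position (1-based) of the first iptables rule whose text matches the given
# pattern; prints nothing if no rule matches. Used to check rule ordering.
rule_position() {
    transparent_proxy_rules | grep '^iptables' | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Print the rule set when run directly as a script.
transparent_proxy_rules
```

The ordering check matters because "-A" appends: if the ACCEPT is added
after the DNAT is already in place, it never sees a packet.  On a live box
the same check can be made with "iptables -t nat -L PREROUTING -n
--line-numbers".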