Talk:Squid
iptables rules
I'm not sure if these also apply when using shorewall. This is based on the following assumptions:
- iptables server is the gateway server
- squid is listening on port 3128
- local network connecting to the server is 192.168.0.0/23 and already has basic NAT rules set up
- iptables server is 192.168.1.7
It took me a while to realise that in addition to redirecting the traffic, the squid port needed to be opened before it would work:
echo " # open access to proxy - squid - port 3128"
$IPTABLES -A open -p tcp --syn --dport 3128 -j ACCEPT
echo " # Transparently forward http traffic to Squid"
$IPTABLES -t nat -A PREROUTING -i eth0 ! -d 192.168.1.7 -p tcp --dport 80 -j REDIRECT --to-port 3128
intercept
I couldn't get the example working at all; however, looking at http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat gave me the following setup, which I then saved using iptables-save, and it works like a charm. After downgrading from squid 3.4.3 to 3.4.2, something is off with 3.4.3.
iptables-dnat-proxy-rules.sh
#!/bin/sh
#
# your proxy IP
SQUIDIP=192.168.1.1
# your proxy listening port (port 8080 intercept in squid.conf)
SQUIDPORT=8080

iptables -t nat -F
iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $SQUIDIP:$SQUIDPORT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -F
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDPORT -j DROP
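Added example (not part of either post above, and not code from the Squid project): a check that an iptables-save dump still contains the three rules the DNAT script depends on, in the right order. The function name, the sample dump and the assumption that iptables-save prints the source as a /32 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits `iptables-save` output for the rules set by the DNAT script above.
# Assumption: iptables-save prints the host source as "-s IP/32".

# check_intercept SQUIDIP SQUIDPORT   (reads an iptables-save dump on stdin)
# Prints OK or one FAIL line per problem; returns 0 only if every check passes.
check_intercept() {
    awk -v ip="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2); next }          # "*nat", "*mangle", ...
        !/^-A PREROUTING / { next }
        { line = $0 " " }                               # pad so end-of-line tokens match
        table == "nat" && index(line, "--dport 80 ") {
            n++
            # Exemption for the requests Squid itself sends to origin servers
            if (!exempt && index(line, "-s " ip "/32 ") && index(line, "-j ACCEPT ")) exempt = n
            if (!dnat && index(line, "-j DNAT --to-destination " ip ":" port " ")) dnat = n
        }
        # mangle is traversed before nat, so this only hits clients dialling the port directly
        table == "mangle" && index(line, "--dport " port " ") && index(line, "-j DROP ") { drop = 1 }
        END {
            if (!dnat) { print "FAIL: no port-80 DNAT to " ip ":" port; bad = 1 }
            else if (!exempt || exempt > dnat) { print "FAIL: Squid exemption missing or after DNAT"; bad = 1 }
            if (!drop) { print "FAIL: no mangle DROP for direct connections to port " port; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample: the kind of dump iptables-save produces after running the script.
sample_dump() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_dump | check_intercept 192.168.1.1 8080
```

On a live gateway the same function can be fed from `iptables-save` directly, which is useful after a restore or a firewall-manager reload that may have dropped or reordered rules.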