Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY

From: Askar <askar@dont-contact.us>
Date: Wed, 17 Aug 2005 17:38:54 +0500

Damián Mantelli (A.C.A.R.A) wrote:

>Thanks for your help, I will perform my iptables with that information, but
>I have a second question, must I set additional modules into the Kernel? Or
>set something in /etc/sysctl.conf ? something like
>net.ipv4.ip_forward=1 ..
>
Only needed if your cache server is also working as a gateway.

>Thanks
>
>Damián.
>
>
>-----Original Message-----
>From: Ashish [mailto:maillistsmix@gmail.com]
>Sent: Wednesday, August 17, 2005 03:45 a.m.
>To: Damián Mantelli (A. C. A. R. A )
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY
>
>Hi,
>
>You need to do the following to make Squid a transparent proxy:
>
>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
>iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
>
>iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
>
>iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
>
>iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80
>
>iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128
>
>iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 192.168.1.100 -j SNAT --to 192.168.1.1
>
>iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT
>
>iptables -A FORWARD -d 192.168.1.0/24 -s 192.168.1.100 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT
>
>Make the following changes in squid.conf:
>
>httpd_accel_host virtual
>
>httpd_accel_port 80
>
>httpd_accel_with_proxy on
>
>httpd_accel_uses_host_header on
>
>Thanks
>Ashish Malik
>
Received on Wed Aug 17 2005 - 06:39:12 MDT
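
Added example, not part of the original thread: a shell check that reads iptables commands like the ones quoted above and reports whether interception stays local (REDIRECT) or crosses the FORWARD path (DNAT to 192.168.1.100), which is the case where `net.ipv4.ip_forward=1` is required. The function names and the two sample variables are assumptions made for this example; the sample rules are copied from the thread with the mail line-wrapping joined.

```shell
#!/bin/sh
# Added example (not from the thread). Function and variable names are
# hypothetical; sample rules are taken from the quoted message.

# Read iptables commands on stdin (mail-wrapped lines are tolerated) and print:
#   forward - a DNAT or FORWARD rule is present, so packets are routed onward
#   local   - only REDIRECT is used, so packets go to a Squid on this box
#   none    - no interception rule found
proxy_path() {
    rules=$(tr '\n\t' '  ' | tr -s ' ')
    case $rules in
        *"-A FORWARD"*|*"-j DNAT"*) echo forward ;;
        *"-j REDIRECT"*)            echo local ;;
        *)                          echo none ;;
    esac
}

# Compare the rule path ($1) with an ip_forward value ($2, default: the
# running kernel's). Returns 1 only when forwarding is required but off.
check_ip_forward() {
    mode=$1
    v=${2:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)}
    if [ "$mode" = forward ] && [ "$v" != 1 ]; then
        echo "FAIL: rules use DNAT/FORWARD but net.ipv4.ip_forward=$v"
        return 1
    fi
    if [ "$mode" = local ]; then
        echo "INFO: REDIRECT only; interception does not traverse FORWARD (ip_forward=$v)"
    else
        echo "OK: mode=$mode net.ipv4.ip_forward=$v"
    fi
}

# Sample input: rule sets from the thread.
redirect_rules='iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128'
dnat_rules='iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -p tcp --dport 3128 -j ACCEPT'

# Demo with ip_forward assumed to be 0, so the DNAT set reports FAIL.
for r in "$redirect_rules" "$dnat_rules"; do
    m=$(printf '%s\n' "$r" | proxy_path)
    check_ip_forward "$m" 0 || true
done
```

On a live host, `iptables-save | proxy_path` feeds the loaded rules to the same check, and calling `check_ip_forward` with one argument reads the kernel's current value.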