On 28/09/11 07:37, Jeff MacDonald wrote:
> Hi,
>
> My setup is such that from home, I connect to a remote openvpn host
> which is running IPtables.
>
> That machine then redirects all traffic with rules like this:
>
> iptables -t nat -A PREROUTING -i tun0 -s ! 10.17.0.3 -p tcp --dport 80 -j DNAT --to 10.17.0.3:3128
> iptables -t nat -A POSTROUTING -o tun0 -s 10.111.111.0/24 -d 10.17.0.3 -j SNAT --to 10.111.111.1
>
> Where 10.111.111.0/24 is my VPN, and 10.17.0.3 is my squid server.
>
> The problem with this scenario is that all requests appear to come
> from 10.17.0.2, the openvpn server, which defeats our purpose of
> putting this proxy in place: to catch a slacker who is wasting
> company time.
>
> Thoughts? Any way we can use iptables better for this redirection?

You require TPROXY on the interception server.

http://wiki.squid-cache.org/Features/Tproxy4

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.12

Received on Mon Oct 03 2011 - 04:26:29 MDT
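As an added illustration of the reply above (not code from either poster), this script prints a TPROXY rule set and audits an `iptables-save` dump for the source-rewriting rules that make every client look like the gateway in the proxy log. It assumes Squid runs on the intercepting box with `http_port 3129 tproxy`, that mark 0x1 and routing table 100 are unused, and the sample ruleset is constructed from the two rules in the question.

```shell
#!/bin/sh
# Added example. Assumed values: port 3129, fwmark 0x1, routing table 100.
TPROXY_PORT="${TPROXY_PORT:-3129}"
FWMARK="${FWMARK:-0x1}"
RT_TABLE="${RT_TABLE:-100}"

# Print (do not apply) the mangle rules and policy routing for TPROXY.
# Traffic is marked and delivered locally; no address is rewritten.
tproxy_rules() {
    cat <<EOF
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $FWMARK
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark $FWMARK/$FWMARK --on-port $TPROXY_PORT
ip rule add fwmark $FWMARK lookup $RT_TABLE
ip route add local 0.0.0.0/0 dev lo table $RT_TABLE
EOF
}

# Read iptables-save output on stdin and print nat-table rules that rewrite
# the source address. Returns 0 if any were found, 1 if none.
source_rewrites() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A / && / -j (SNAT|MASQUERADE)( |$)/ { print; n++ }
        END   { exit (n > 0 ? 0 : 1) }
    '
}

# Constructed sample: the two rules from the question in iptables-save form.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING ! -s 10.17.0.3/32 -i tun0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.17.0.3:3128
-A POSTROUTING -s 10.111.111.0/24 -d 10.17.0.3/32 -o tun0 -j SNAT --to-source 10.111.111.1
COMMIT
EOF
}

# "rules" prints the commands; "audit" reads iptables-save output from stdin.
case "${1:-}" in
    rules) tproxy_rules ;;
    audit) source_rewrites ;;
esac
```

Review the output of the `rules` mode before piping it to a root shell; the `audit` mode is read-only and can be fed from `iptables-save`.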