Re: [squid-users] [help] setting up firewall policy for transparent (single-homed host) proxy

From: Indunil Jayasooriya <indunil75@dont-contact.us>
Date: Fri, 11 Jan 2008 09:19:26 +0530

> Hi all...

> I am on my research deploying a transparent single-homed host proxy
> server on my virtual network. My squid box is not on the same box where the
> firewall applied.

that means Transparent Proxy to a Remote Box.

then, this is the URL for this.
http://www.tldp.org/HOWTO/TransparentProxy-6.html

where there are 2 methods,

try the
Second method (more complicated, but more general). But remember, you
ne2d iproute2 pkg in additon to iptables.

on your firewall, add belwo rules.

     iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squid-box
     iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
     ip rule add fwmark 3 table 2
     ip route add default via squid-box dev eth1 table 2

on your squid box,
pls add below rule.

     iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j
REDIRECT --to-port 3128

in addition to that, Your squid box needs a SNAT rule , if it is
behind the SNATed networlk.

rule like below. 1.2.3.4 is the external ip and ip address
192.168.101.1 is the ip address of squid box. pls change it
accordingly

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.1 -j SNAT
--to-source 1.2.3.4

another URL. remember. it is possible.

http://lartc.org/howto/lartc.cookbook.squid.html

I didn't have any idea how to set up the iptables running on
> the firewall,
As well as iptables, you must have installed iproute2 pkg.

try and see.

-- 
Thank you
Indunil Jayasooriya
Received on Thu Jan 10 2008 - 20:49:30 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:04 MST