> Hi all...
> I am on my research deploying a transparent single-homed host proxy
> server on my virtual network. My squid box is not on the same box where the
> firewall applied.
That means Transparent Proxy to a Remote Box.
Then, this is the URL for this:
http://www.tldp.org/HOWTO/TransparentProxy-6.html
There are 2 methods there;
try the
Second method (more complicated, but more general). But remember, you
need the iproute2 pkg in addition to iptables.
On your firewall, add the rules below.
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squid-box
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
ip rule add fwmark 3 table 2
ip route add default via squid-box dev eth1 table 2
On your squid box,
please add the rule below.
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
In addition to that, your squid box needs a SNAT rule if it is
behind the SNATed network.
A rule like the one below. 1.2.3.4 is the external IP and
192.168.101.1 is the IP address of the squid box. Please change it
accordingly.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.1 -j SNAT --to-source 1.2.3.4
Another URL. Remember, it is possible.
http://lartc.org/howto/lartc.cookbook.squid.html
> I didn't have any idea how to set up the iptables running on
> the firewall,
As well as iptables, you must have the iproute2 pkg installed.
Try and see.
--
Thank you
Indunil Jayasooriya
Received on Thu Jan 10 2008 - 20:49:30 MST
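
Added example, not part of the original message: the two firewall mangle rules above only work in that order, because the ACCEPT for the squid box must match before the MARK rule, otherwise the proxy's own port-80 requests are marked and routed back to it. The check below reads `iptables -t mangle -S PREROUTING` output; the function name and the sample listings are constructed for illustration, and 192.168.101.1 is the squid-box address used in the message.

```shell
#!/bin/sh
# Usage on the firewall (assumed invocation):
#   iptables -t mangle -S PREROUTING | check_mangle_order 192.168.101.1
# Exit status: 0 = squid-box exemption precedes the MARK rule,
#              1 = MARK rule is reached first, or the exemption is missing,
#              2 = no MARK rule for tcp/80 found at all.
check_mangle_order() {
    awk -v ip="$1" '
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            src = ""; target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            sub(/\/32$/, "", src)          # -S prints host sources as a.b.c.d/32
            if (dport != "80") next
        }
        target == "ACCEPT" && src == ip && !mark_seen { exempt = 1 }
        target == "MARK" && !mark_seen { mark_seen = 1; ok = exempt }
        END {
            if (!mark_seen) exit 2
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample listings (format of `iptables -S`), not captured output.
sample_good() { cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.101.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
EOF
}
sample_bad() { cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.101.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

for s in sample_good sample_bad; do
    if $s | check_mangle_order 192.168.101.1; then
        echo "$s: exemption precedes MARK"
    else
        echo "$s: MARK reached first, squid's own requests would be rerouted"
    fi
done
```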