hi, I need your urgent help in iptables and squid proxy

[lovesunset21]

hi everyone, i am totally new in Linux and iptables. I need to set up an ip table and a transparent squid proxy as followed:

I have 3 machine:


Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.

eth1: 192.168.99.2 (Connect to eth1 of machine 2)
eth2: 192.168.98.2 (Connect to eth1 of machine 3)

machine 2 works as a webserver

eth1: 192.168.99.4


machine 3 works as a web client.

eth1: 192.168.98.4


my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy.

In order to fulfill the tasks, I have edited the squid.conf as followed:

Code:

http_access allow localnet
http_access allow localhost

and in machine 1, I tried 2 ip tables command:

Code:

iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80

I don't know if it is right or wrong. Please give me a suggestion. Thank you so much. I need your help.

[Kloschüssel]

There are a lot of documentation and howtos around about how to set up a "transparent squid proxy". Just search for it using your favorite web search engine.

[lovesunset21]

hi, thanks for your reply. I have searched and I have tried it. However, I am not sure it is the right answer. Please give me a suggestion. Thank you so much.

[Kloschüssel]

Is there something that doesn't work? Explain your steps and maybe we can find out what's going wrong. Otherwise I can just advice to either hire an expert that can get the job done (I could do it for you for a feasible price of 40€ / h ) or relay you to the howtos:

How to Setup Transparent Squid Proxy Server in Ubuntu|Ubuntu Geek

Linux: Setup a transparent proxy with Squid in three easy steps

[lovesunset21]

Thanks so much for your reply. I edit my squid.conf as followed:
acl lan src 192.168.99.2 192.168.98.0/24
http_access allow localhost
http_access allow lan

and my iptable nat are:

root@labrat:~# iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:3128
root@labrat:~# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

When I access machine 3 and use lynx browser:

lynx 192.168.99.4

It displays ERROR: The requested URL could not be retrieved (p1 of 2)
ERROR

I don't know why. Please help me. Thank you so much.

[niekshas]

Kloschüssel give you link.... number 2

Are you read part about IP tables there ?

[lovesunset21]

Thanks, I have solved my problem

[barriehie]

Thanks, I have solved my problem

So what was the issue and how did you correct it? It could help someone else with the same scenario!