- 11-15-2007 #1Just Joined!
- Join Date
- Nov 2007
- Posts
- 2
Transparent Proxy / Firewall Rule
Hi,
I need some help here with my firewall & squid. I have a router/gateway with Suse 10.3 installed having 2 NICs. I have set up squid in transparent mode and have set firewall rules to forward tcp & udp requests on port 80 to 3128 where squid is listening.
I have client machines connecting to the router and when I connect to the internet, it doesn't work. But when I configure the client network settings in Firefox (or IE) to use proxy on port 80, it works. Can someone please guide me through setting up this proxying transparently without client network settings?
Any help is greatly appreciated.
Thanks.
- 11-15-2007 #2
Post your firewall rules so we can see what you have done already and what you might need to change.
- 11-15-2007 #3Just Joined!
- Join Date
- Nov 2007
- Posts
- 2
Thanks for the quick response Lazydog...
these are the redirect rules I've set..
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 192.168.10.0/24 anywhere tcp dpt:80 redir ports 3128
REDIRECT udp -- 192.168.10.0/24 anywhere udp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
192.168.10.0/24 is my internal network ip. Like I stated before, these rules seem to work fine once I configure the client browser to use proxy on port 80, but without it, it doesn't work.
- 11-15-2007 #4
These lines should get you what you want.
If the proxy is on the same box as the firewall:
Code:
iptables -t nat -A PREROUTING -i <eth#> -p tcp --dport 80 -j REDIRECT --to-ports 3128
If the proxy is on another box besides the firewall box:
Code:
iptables -t nat -A PREROUTING -i <eth#> -p tcp --dport 80 -j DNAT --to-destination <ipaddress>:3128
Replace "<eth#>" with the inside interface.


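Added example, not part of any post in this thread: a shell function that audits `iptables-save -t nat` text for the port 80 redirect discussed above, checking that a tcp rule reaches the proxy port, that it is bound to the inside interface as in post #4, and flagging the udp rule from post #3. The function name `audit_redirect`, the interface name `eth1` and the sample (the iptables-save form of the post #3 listing, constructed here) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit NAT rules for a transparent-proxy redirect.
# Reads `iptables-save -t nat` text on stdin.
# $1 = inside interface (assumed name, e.g. eth1), $2 = proxy port (3128 in the thread).
# On a live gateway (needs root): iptables-save -t nat | audit_redirect eth1 3128
audit_redirect() {
    awk -v ifc="$1" -v port="$2" '
    # Only PREROUTING rules that match destination port 80 are of interest.
    $1 == "-A" && $2 == "PREROUTING" && / --dport 80 / {
        proto = ""; inif = ""; target = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-i") inif = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-ports" || $i == "--to-destination") dest = $(i + 1)
        }
        if (target != "REDIRECT" && target != "DNAT") next
        # Strip an optional address so "10.0.0.5:3128" and "3128" compare alike.
        sub(/^.*:/, "", dest)
        if (proto == "udp") {
            print "NOTE: udp/80 rule is unnecessary, HTTP to Squid is TCP only"
            next
        }
        if (proto == "tcp" && dest == port) {
            found = 1
            if (inif == ifc) print "OK: tcp/80 -> " port " bound to " ifc
            else print "WARN: tcp/80 -> " port " not bound to -i " ifc
        }
    }
    END {
        # A non-zero exit status lets a calling script fail on a missing rule.
        if (!found) { print "FAIL: no tcp/80 rule sends traffic to port " port; exit 1 }
    }'
}

# Constructed sample: iptables-save form of the two rules listed in post #3.
sample='*nat
-A PREROUTING -s 192.168.10.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.10.0/24 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'
printf '%s\n' "$sample" | audit_redirect eth1 3128
```

The post #3 rules match on source address only, so the audit reports the tcp rule as not interface-bound; the rules in post #4 pass because they carry `-i`.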
