  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    2

    Transparent Proxy / Firewall Rule


    Hi,
    I need some help here with my firewall & squid. I have a router/gateway with Suse 10.3 installed having 2 NICs. I have set up squid in transparent mode and have set firewall rules to forward tcp & udp requests on port 80 to 3128 where squid is listening.

    I have client machines connecting to the router and when I connect to the internet, it doesn't work. But when I configure the client network settings in Firefox (or IE) to use the proxy on port 80, it works. Can someone please guide me through setting up this proxying transparently without client network settings?

    Any help is greatly appreciated.

    Thanks.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Post your firewall rules so we can see what you have done already and what you might need to change.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Nov 2007
    Posts
    2
    Quote Originally Posted by Lazydog View Post
    Post your firewall rules so we can see what you have done already and what you might need to change.
    Thanks for the quick response Lazydog...

    these are the redirect rules I've set..

    iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- 192.168.10.0/24 anywhere tcp dpt:80 redir ports 3128
    REDIRECT udp -- 192.168.10.0/24 anywhere udp dpt:80 redir ports 3128

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination


    192.168.10.0/24 is my internal network ip. Like I stated before, these rules seem to work fine once I configure the client browser to use proxy on port 80, but without it, it doesn't work.

  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    These lines should get you what you want.


    If the proxy is on the same box as the firewall:
    Code:
    iptables -t nat -A PREROUTING -i <eth#> -p tcp --dport 80 -j REDIRECT --to-ports 3128
    If the proxy is on another box besides the firewall box:
    Code:
    iptables -t nat -A PREROUTING -i <eth#> -p tcp --dport 80 -j DNAT --to-destination <ipaddress>:3128
    Replace "<eth#>" with the inside interface.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
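    The two variants Lazydog gives above, as an added helper script that is not from the thread. It prints the iptables commands rather than applying them so they can be reviewed first; the interface name, the 192.168.10.0/24 subnet from the thread and the proxy address are placeholders supplied by the caller. The DNAT variant also adds two rules the thread does not mention: a bypass for the proxy box's own port-80 traffic (otherwise it gets redirected back to itself) and a MASQUERADE so that, when the proxy sits on the same LAN as the clients, its replies return through the gateway instead of reaching the client directly and being reset.

```shell
#!/bin/sh
# Generate transparent HTTP interception rules for a Linux gateway.
# Usage: transparent_proxy_rules <inside_if> <lan_cidr> [<proxy_ip>] [<proxy_port>]
#   no proxy_ip  -> squid runs on the gateway itself (REDIRECT)
#   proxy_ip set -> squid runs on another box (DNAT + bypass + MASQUERADE)
# Only TCP is intercepted: HTTP does not use UDP, so a UDP rule is dead weight.
transparent_proxy_rules() {
  inside_if="$1"; lan="$2"; proxy="${3:-}"; port="${4:-3128}"
  if [ -z "$inside_if" ] || [ -z "$lan" ]; then
    echo "usage: transparent_proxy_rules <inside_if> <lan_cidr> [<proxy_ip>] [<proxy_port>]" >&2
    return 1
  fi
  # Match on the inside interface AND the LAN subnet so traffic arriving on the
  # outside interface can never be steered into the proxy.
  match="-i $inside_if -s $lan -p tcp --dport 80"
  if [ -z "$proxy" ]; then
    # Case 1: proxy on the firewall box. REDIRECT rewrites the destination to
    # the gateway's own address on the squid port.
    echo "iptables -t nat -A PREROUTING $match -j REDIRECT --to-ports $port"
  else
    # Case 2: proxy on a separate box. First let the proxy's own outbound
    # port-80 requests through untouched, or they would loop back to it.
    echo "iptables -t nat -A PREROUTING -i $inside_if -s $proxy -p tcp --dport 80 -j ACCEPT"
    # Then send everyone else's port-80 traffic to the proxy.
    echo "iptables -t nat -A PREROUTING $match -j DNAT --to-destination $proxy:$port"
    # POSTROUTING sees the post-DNAT destination. If the proxy is on the same
    # segment as the clients, its reply would otherwise go straight to the client,
    # whose kernel never opened a connection to the proxy and resets it.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $proxy -p tcp --dport $port -j MASQUERADE"
  fi
}

# Example (placeholders): review the output, then pipe it to sh as root to apply.
#   transparent_proxy_rules eth1 192.168.10.0/24
#   transparent_proxy_rules eth1 192.168.10.0/24 192.168.10.5 | sh
```

Afterwards `iptables -t nat -L -v -n` should show the rules with an interface column, unlike the listing in post #3 where no `-i` restriction was present.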
