iptables-transparent proxy don't work ! 1

[haneo]

i have installed rhd 7.1 as getway (masquerading with succes)

between 11.11.11.11/24 and the internet so the linux=getway has 2 eth :
eth1 11.11.11.11/32
eth0 193.251.16.xxx/32 (to internet)

with the line:
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

It's ok !!!

i want know to made it a transparent proxy, with squid i have changed my script as :

#iptables -t nat -A PREROUTING -s 11.11.11.11/24 -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 192.168.1.122:8080
#iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

but when the pcs behind the getway retreive a web page i can't

with #tail -f /var/log/squid/access.log
I have:
"1016637788.559 0 11.11.11.10 NONE/400 1056 GET / - NONE/- -"

I have changed my script like this but with no succes :
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 

[ifincham]

Hi,

You just need :

# /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.122:3128

All you are doing is saving the clients configuring their browser to use the proxy server - i.e setting the squid address and port number (normally 3128) in the browser config.

You also have to configure squid for transparent proxy -->

http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html

There should be no need for the 'MASQUERADE' command unless you want to masquerade non-port 80 stuff for good measure.

Hope this helps

 

[haneo]

OH great it works !!!
It was my fault, i had omitted to change the squid.conf. Juste changing this, and it is working !!!

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


Thanks ifincham !!