Re: [squid-users] problem running transparent proxy with squid-2.6.stable6

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 06 Jan 2007 16:02:53 +0100

lör 2007-01-06 klockan 04:44 -0800 skrev zulkarnain:

> How to configure proxy to route return traffic via
> firewall? I try rules "iptables -t nat -A PREROUTING
> -i eth0 -s ! 192.168.1.2 -p tcp --dport 80 -j DNAT
> --to 192.168.1.2:3128" but won't work correctly. any
> help would be great. Thanks.

It's done by routing, not NAT.

route del your.network/mask
route add ip.of.router dev eth0
route add your.network/mask via ip.of.router

but I recommend you to move the proxy to a "dmz" network managed by the
firewall.

LAN -> firewall -> Internet
          |
          | DMZ network
          |
          +---> proxy
          |
          +---> protected web server (if you have one)
          |
          +---> other protected servers (if you have)
          |
          ...

Regards
Henrik

Received on Sat Jan 06 2007 - 08:03:00 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST