[squid-users] How to set up both Transparent Proxy and firewall on the same Machine.

From: Indunil Jayasooriya <indunil75@dont-contact.us>
Date: Tue, 12 Jun 2007 13:22:40 +0530

Hi ALL,

I want to set up a Transparent Proxy on the box running the iptables firewall.

With iptables, I have given the rules below.

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

#Enabling ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

#enable syn cookies (prevent against the common 'syn flood attack')
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

#do source validation by reversed path
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

#Enable tracking mechanism
/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT DROP
iptables -A FORWARD DROP
iptables -A OUTPUT DROP

In addition to that, there are many rules; all work fine.

In the squid.conf file, I have added the rules below:

http_port 3128
cache_mem 64 MB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

And then I ran the command below.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

But when I browse the Internet, requests do not get redirected to port
3128. So I cannot use squid as a Transparent Proxy.

Where have I gone wrong?

I referred to the URL below.
http://www.tldp.org/HOWTO/TransparentProxy.html#toc2

Pls help me.

-- 
Thank you
Indunil Jayasooriya
Received on Tue Jun 12 2007 - 01:52:45 MDT
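
An added example (not part of the original message or of any Squid or iptables documentation): a small Python trace of a new client connection through the rules in the post. A packet matched by REDIRECT in nat PREROUTING is delivered to the firewall box itself, so filter INPUT then judges it with destination port 3128. The ruleset text, the "-j DROP" reading of the post's DROP lines, and the ALLOW_PROXY rule are assumptions made for illustration.

```python
import shlex

# Constructed ruleset modelled on the post. Assumption: the post's
# "iptables -A INPUT DROP" is a catch-all drop, written here as "-j DROP".
POSTED = """
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
"""
# Hypothetical extra rule; -I puts it at the head of INPUT, before the drop.
ALLOW_PROXY = "iptables -I INPUT -i eth0 -p tcp --dport 3128 -m state --state NEW -j ACCEPT\n"
SYN = {"in": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}  # constructed packet

def parse(ruleset):
    """Return {(table, chain): [options, ...]} from iptables -A / -I lines."""
    chains = {}
    for line in filter(str.strip, ruleset.splitlines()):
        tok = shlex.split(line)[1:]              # drop the "iptables" word
        o = dict(zip(tok[0::2], tok[1::2]))      # each option used here takes one value
        rules = chains.setdefault((o.get("-t", "filter"), o.get("-A") or o.get("-I")), [])
        if "-I" in o:
            rules.insert(0, o)
        else:
            rules.append(o)
    return chains

def matches(o, pkt):
    """True when every match option present in the rule agrees with the packet."""
    return (o.get("-i", pkt["in"]) == pkt["in"]
            and o.get("-p", pkt["proto"]) == pkt["proto"]
            and int(o.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in o.get("--state", pkt["state"]).split(","))

def trace(ruleset, pkt):
    """Follow a packet through nat PREROUTING, then filter INPUT; return (verdict, dport)."""
    chains, pkt = parse(ruleset), dict(pkt)
    for o in chains.get(("nat", "PREROUTING"), []):
        if o["-j"] == "REDIRECT" and matches(o, pkt):
            pkt["dport"] = int(o["--to-port"])   # destination is now this host
            break
    else:
        return ("NOT-REDIRECTED", pkt["dport"])
    for o in chains.get(("filter", "INPUT"), []):
        if matches(o, pkt):
            return (o["-j"], pkt["dport"])
    return ("POLICY", pkt["dport"])

if __name__ == "__main__":
    print("as posted:      ", trace(POSTED, SYN))
    print("with proxy rule:", trace(POSTED + ALLOW_PROXY, SYN))
```

Squid's own upstream requests are new connections leaving the box, so the OUTPUT chain deserves the same check.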
