Re: [squid-users] squid transparent proxy

From: Indunil Jayasooriya <indunil75@dont-contact.us>
Date: Thu, 3 Apr 2008 15:28:27 +0530

> You are right, I am using port 8080. As I mentioned, I have 2 machines; the 1st machine is my Firewall/NAT server, wherein the iptables configuration already stated that it should redirect port 80 to 8080

Oh, Squid is not running on this box. Then REDIRECT will not work.
What your firewall can do is MARK port 80 traffic and route it via the
Squid box. That is known as Transparent Proxy to a Remote Box.

You need both the iptables and iproute2 packages.

Okay, below are the rules you need to add.

On your firewall, please add the rules below:

    iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s ipaddressofsquid-box
    iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
    ip rule add fwmark 3 table 2
    ip route add default via ipaddressofsquid-box dev eth1 table 2

dev eth1 is connected to the Squid box. Please change it accordingly.

On your Squid box, please add the rule below:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

This is where REDIRECT takes place.

In addition to that, you will have to make sure port 8080 is open on
this Squid box, since Squid is running on port 8080.

I think everything is open on the Squid box.

Now, the clients' gateway is the IP of the firewall/NAT box. Also check
DNS on the clients.

Here are some other useful URLs:

http://www.mail-archive.com/squid-users@squid-cache.org/msg53662.html

http://tldp.org/HOWTO/TransparentProxy-6.html

Good luck

-- 
Thank you
Indunil Jayasooriya
Received on Thu Apr 03 2008 - 03:58:32 MDT
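
Rule order on the firewall matters in the setup above: the ACCEPT for traffic coming from the Squid box has to be evaluated before the MARK rule, otherwise Squid's own outbound port 80 requests also get mark 3 and are routed straight back to it. The check below is an added example, not part of the original post; the function name, the address 192.0.2.10 (standing in for ipaddressofsquid-box) and the rule dumps in iptables-save style are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify rule order in the firewall's mangle PREROUTING chain.
# Reads iptables-save style output on stdin; $1 is the Squid box address.
# Exit status: 0 = order is safe, 1 = Squid's own traffic would be marked,
#              2 = no MARK rule for tcp/80 found.
check_mark_order() {
    awk -v ip="$1" '
        /^\*/ { table = substr($1, 2); next }      # "*mangle", "*nat", ...
        table != "mangle" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            dport80 = 0; from_squid = 0; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == "80") dport80 = 1
                if ($i == "-s" && ($(i + 1) == ip || $(i + 1) == (ip "/32")))
                    from_squid = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!dport80) next
            n++                                     # position among port 80 rules
            if (target == "ACCEPT" && from_squid && !exempt) exempt = n
            if (target == "MARK" && !from_squid && !mark) mark = n
        }
        END {
            if (!mark) { print "no MARK rule for tcp/80"; exit 2 }
            if (!exempt || exempt > mark) {
                print "Squid box " ip " is not exempted before MARK (routing loop)"
                exit 1
            }
            print "ok: exemption (rule " exempt ") precedes MARK (rule " mark ")"
        }'
}

# Constructed sample dumps: correct order, then the two rules swapped.
GOOD_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
COMMIT'
BAD_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_mark_order 192.0.2.10
printf '%s\n' "$BAD_RULES" | check_mark_order 192.0.2.10 || echo "exit status $?"
```

On the firewall itself, the same function can be fed from `iptables-save -t mangle` with the real Squid box address as its argument.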
