Re: [squid-users] Testing transparent squid in VM

From: Amos Jeffries <squid3@dont-contact.us>
Date: Tue, 29 Apr 2008 02:29:28 +1200

Wundy wrote:
> Greetings all!
>
> I am currently trying to run a transparent proxy in a testing environment.
> I have one VM with 2 network cards. 1 is set on vmnet2 the other one NAT to
> the internet.
> My server is running squid in transparent mode on the internal IP address of
> 192.168.0.12/24
> and the client is set on 192.168.0.7/24 with its default gateway pointing
> towards 0.12.
> Now when I try to open iceweasel I cannot get through to the internet; when
> I input my proxy settings, it does work.
>
> How do I fix this?
> I tried redirecting traffic with IPtables but it didn't work,
> here is the script I used:
> eth2 is the internal lan
> eth1 the internet
> #!/bin/bash
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -A INPUT -i eth2 -j ACCEPT
> iptables -A OUTPUT -o eth2 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.0.12:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> best wishes
>

You should be able to use just:

  iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -j REDIRECT --to-port 3128
  iptables -t nat -A POSTROUTING -j MASQUERADE

squid.conf:
   http_port 3128 transparent

If that still won't work:
  - Ensure that your squid has ONLY one transparent option
    (--enable-linux-netfilter) configured.
  - Check that squid is receiving requests (access.log or cache.log)
  - Check squid has access outbound (usually cache.log)
  - Check whether NAT is failing (cache.log)

Amos

-- 
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
Received on Mon Apr 28 2008 - 14:29:02 MDT
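
The checks from the list in the reply above, as an added example that is not part of the original mail or of Squid's own tooling: a shell script that runs them over constructed sample text. The two configure flags other than --enable-linux-netfilter, the sample log lines and the cache.log wording it matches are assumptions.

```shell
#!/bin/sh
# Added example. All sample inputs below are constructed; flag names other than
# --enable-linux-netfilter and the cache.log error wording are assumptions.

# Number of interception (transparent) options in `squid -v` output; want 1.
count_intercept_opts() {
    printf '%s\n' "$1" | tr ' ' '\n' | tr -d "'" |
        grep -c -E '^--enable-(linux-netfilter|ipf-transparent|pf-transparent)$' || true
}

# Ports whose http_port line in squid.conf carries the "transparent" option.
transparent_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "http_port" { for (i = 3; i <= NF; i++) if ($i == "transparent") print $2 }'
}

# Requests logged from one client (field 3 of Squid's native access.log).
requests_from() {
    printf '%s\n' "$1" | awk -v ip="$2" '$3 == ip { n++ } END { print n + 0 }'
}

# cache.log lines that report a failed NAT lookup.
nat_failures() {
    printf '%s\n' "$1" | grep -c -i -E 'natlookup.*failed' || true
}

# Constructed samples; on a real host feed in `squid -v`, squid.conf and the logs.
SQUID_V="Squid Cache: Version 2.6.STABLE19
configure options: '--prefix=/usr' '--enable-linux-netfilter' '--enable-ipf-transparent'"
SQUID_CONF="http_port 3128 transparent
cache_dir ufs /var/spool/squid 100 16 256"
ACCESS_LOG="1209392942.101 250 192.168.0.7 TCP_MISS/200 1523 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1209392943.480 12 192.168.0.12 TCP_MISS/200 310 GET http://example.com/a - DIRECT/192.0.2.10 text/html"
CACHE_LOG="2008/04/28 14:20:11| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2008/04/28 14:20:12| Ready to serve requests."

echo "interception options built in: $(count_intercept_opts "$SQUID_V") (want exactly 1)"
echo "transparent http_port(s):      $(transparent_ports "$SQUID_CONF")"
echo "requests seen from client:     $(requests_from "$ACCESS_LOG" 192.168.0.7)"
echo "NAT lookup failures logged:    $(nat_failures "$CACHE_LOG")"
```

A count other than 1 on the first line, or any NAT lookup failure on the last, points at the first and fourth items of the checklist respectively.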