Re: [squid-users] Transparent proxy from different networks

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 7 Oct 2008 16:09:03 +1300 (NZDT)

> Hi all:
>
> I have a Squid running on 192.168.1.1 listening on 3128 TCP port. Users
> from 192.168.1.0/24 can browse the Internet without problems thanks to a
> REDIRECT rule in my shorewall config.
>
> But users from different networks (192.168.2.0/24, 192.168.3.0/24,
> etc.) can't browse the Internet. Those networks are connected to
> 192.168.1.0/24 via a VPN connection.
>
> My redirect rule in iptables syntax is like this:
>
> iptables -t nat -A PREROUTING -s 0.0.0.0/24 -i eth2 -p tcp --dport 80 -j
> REDIRECT --to-ports
>
> Is there a restriction to work transparent proxy for other networks
> different from 192.168.1.0/24? Do I have to configure squid to listen on
> each range of network addresses?

Your current rule is restricting the REDIRECT to a specific interface and
0.0.0.0 source. Not sure how that 0.0.0.0 bit works.
Does the VPN traffic come in from a virtual interface?

There should also be a SNAT or MASQUERADE rule creating symmetry for the
proper routing of replies.

The entire ruleset you need is listed in the wiki:
  http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

Amos
Received on Tue Oct 07 2008 - 03:09:07 MDT
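
Added example, not part of the original message or the Squid wiki: a small Python model of how the `-s` and `-i` matches discussed above decide which packets reach the REDIRECT target. The sample packets and the `tun0` interface name are constructed assumptions, and `LAN_ONLY` and `ANY_CLIENT` are hypothetical variants shown for comparison with the rule as posted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RedirectRule:
    """Match fields of a nat PREROUTING REDIRECT rule: -s, -i, -p tcp --dport."""
    source: Optional[str]     # -s CIDR; None means any source
    in_iface: Optional[str]   # -i name; None means any interface
    dport: int = 80

    def matches(self, src_ip: str, iface: str, dport: int) -> bool:
        # Every match in a rule must succeed; a single miss means no REDIRECT.
        if dport != self.dport:
            return False
        if self.in_iface is not None and iface != self.in_iface:
            return False
        if self.source is not None:
            net = ipaddress.ip_network(self.source, strict=False)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return True


# Constructed sample packets: (source IP, arriving interface, destination port).
# "tun0" is an assumed name for the VPN's virtual interface.
PACKETS = [
    ("192.168.1.25", "eth2", 80),
    ("192.168.2.40", "tun0", 80),
    ("192.168.3.7", "tun0", 80),
    ("192.168.2.40", "tun0", 443),
]


def redirected(rule: RedirectRule, packets=PACKETS):
    """Return the packets the rule would hand to the REDIRECT target."""
    return [p for p in packets if rule.matches(*p)]


AS_POSTED = RedirectRule(source="0.0.0.0/24", in_iface="eth2")       # 0.0.0.0-0.0.0.255 only
LAN_ONLY = RedirectRule(source="192.168.1.0/24", in_iface="eth2")   # hypothetical variant
ANY_CLIENT = RedirectRule(source=None, in_iface=None)               # hypothetical variant

if __name__ == "__main__":
    for name, rule in (("as posted", AS_POSTED), ("LAN only", LAN_ONLY),
                       ("any client", ANY_CLIENT)):
        print(f"{name:10} -> {redirected(rule)}")
```

Dropping both restrictions intercepts port 80 from every interface, so in practice the match is usually narrowed to the interfaces and client networks that are meant to use the proxy.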
