[squid-users] Building a Squid Cache Brouter

From: Dumpolid Exeplish <dumpexec_at_gmail.com>
Date: Thu, 13 Nov 2008 11:28:51 +0100

Hello All,

I am trying to build a transparent squid server on a Linux 2.6 kernel
using the bridging code (br-nf).

INTERNET_GW <====== BRIDGE/SQUID <======= Client Nat Router

In this setup, the Client NAT router has the entire LAN behind it and
the Client NAT router will have its default gateway set to the
INTERNET_GW's IP address.
The BRIDGE/SQUID box will have two Ethernet cards, one connecting to
the "Client NAT Router" and the other connected to the INTERNET_GW.
The BRIDGE/SQUID box will have one IP address on which Squid will be
listening for connections.

My aim is to transparently redirect HTTP traffic passing from the
"Client NAT Router" to the squid process configured on the router
without altering the gateway of the Client NAT Router.

Here are some of the ebtables/iptables rules that I have tried out, but at
this point I am not sure how to proceed.

# brouting: hand TCP/80 and TCP/21 frames from the client-side port to the local stack
ebtables -t broute -A BROUTING --in-if $BR_IN -p IPv4 --ip-protocol tcp --ip-dport 80 -j redirect --redirect-target ACCEPT
ebtables -t broute -A BROUTING --in-if $BR_IN -p IPv4 --ip-protocol tcp --ip-dport 21 -j redirect --redirect-target ACCEPT
# flush everything
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# default policies and basic input filtering
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $BR_IN -j ACCEPT
# redirect to the cache port, tried both on the bridge and on the physical port
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-ports $CACHE_PORT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 21 -j REDIRECT --to-ports $CACHE_PORT
iptables -t nat -A PREROUTING -i $BR_IN -p tcp --dport 80 -j REDIRECT --to-ports $CACHE_PORT
iptables -t nat -A PREROUTING -i $BR_IN -p tcp --dport 21 -j REDIRECT --to-ports $CACHE_PORT

Could anyone out there help me and explain how to progress? Is this
even possible at all?
Received on Thu Nov 13 2008 - 10:28:58 MST
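A bridge bring-up script that implements the HTTP interception described in the post, added here as an example and not taken from the post or from Squid's own documentation. It assumes eth0/eth1 as the two bridge ports, 192.0.2.10/24 as a constructed address for br0, and Squid listening on 3128 with "http_port 3128 transparent" (Squid 2.6/2.7 syntax; 3.1 and later spell it "intercept").

```shell
#!/bin/sh
# Added example, not from the original post. Brings up a transparent
# Squid bridge: TCP/80 frames arriving on the client-side port are
# handed to the local IP stack, then DNATed to the cache port.
# Interface names, the bridge address and the port are assumptions.
BR_IN=${BR_IN:-eth0}              # port facing the Client NAT Router
BR_OUT=${BR_OUT:-eth1}            # port facing INTERNET_GW
BR_IP=${BR_IP:-192.0.2.10/24}     # constructed address for br0
CACHE_PORT=${CACHE_PORT:-3128}    # squid.conf: http_port 3128 transparent
DRY_RUN=${DRY_RUN:-0}             # DRY_RUN=1 prints commands instead

# Execute a command, or echo it when dry-running (lets the rule set be
# reviewed without root or the bridge modules loaded).
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The bridge needs an address of its own: Squid's outbound connections
# to origin servers originate from it, and redirected clients answer to it.
setup_bridge() {
    run brctl addbr br0
    run brctl addif br0 "$BR_IN"
    run brctl addif br0 "$BR_OUT"
    run ip addr add "$BR_IP" dev br0
    run ip link set br0 up
    # Let the bridge pass IPv4 frames through the iptables nat/filter hooks.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Only client-side TCP/80 leaves the plain switched path. "redirect"
# rewrites the destination MAC to the bridge's own, so with ACCEPT the
# frame is delivered locally on br0 instead of forwarded to INTERNET_GW.
setup_ebtables() {
    run ebtables -t broute -A BROUTING --in-if "$BR_IN" -p IPv4 \
        --ip-protocol tcp --ip-dport 80 -j redirect --redirect-target ACCEPT
}

# Frames delivered on br0 now reach PREROUTING: DNAT port 80 to Squid and
# allow the redirected connection in. The client's gateway stays untouched.
setup_iptables() {
    run iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
        -j REDIRECT --to-ports "$CACHE_PORT"
    run iptables -A INPUT -i br0 -p tcp --dport "$CACHE_PORT" -j ACCEPT
}

# Full bring-up in order: bridge first, then brouting, then NAT.
bring_up() {
    setup_bridge && setup_ebtables && setup_iptables
}
```

Source the file and call bring_up as root (or with DRY_RUN=1 to review the commands first). It intercepts HTTP only: Squid's http_port does not speak FTP, so redirecting port 21 to the cache port will not work.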
