Hey All, I've followed
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
guide and have my IPTABLE Firewall correctly routing HTTP traffic. My
Firewall and Squid are different devices.
Client --> RouterA --> DMZ(Squid) --> RouterA --> Internet
I verified traffic is getting routed to Squid box by doing a tcpdump on the
squid box where I see traffic coming in for external IPs for port 80.
I'm not sure what steps to perform next, as well as how this will
theoretically work since Squid is receiving traffic with a destination IP
that isn't its own. For example, client tries to connect to 8.8.8.8:80
Client -- 8.8.8.8:80 --> RouterA (Policy Marks and pushes to Squid) -- 8.8.8.8:80 --> Squid
The tcpdump sees source as Client's IP and the Destination as 8.8.8.8 with
TCP 80 yada yada.
RouterA's IPTABLE
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -s $CLIENT-SUBNET -p tcp -m tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m mark --mark 2 -j ACCEPT
# ip rule
from all fwmark 2 lookup proxy
# ip route list table proxy
default via $SQUIDIP dev eth1
Squid IPTABLE
iptables -t nat -A PREROUTING -s $SQUID_DMZ_IP -p tcp -m tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A POSTROUTING -j MASQUERADE
Received on Thu May 16 2013 - 13:02:32 MDT
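On the question of how a proxy can serve a connection whose destination IP is not its own, as an added example that is not part of the original post and not Squid's code: the REDIRECT rule rewrites the destination to local port 8080 while Linux connection tracking keeps the original one, and a listener can read it back with the SO_ORIGINAL_DST socket option. The function names are hypothetical and the sample address bytes are constructed.

```python
import socket
import struct

# Value of SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>; Python's socket
# module does not export it, so it is defined here.
SO_ORIGINAL_DST = 80
SOL_IP = getattr(socket, "SOL_IP", 0)
LISTEN_PORT = 8080  # matches --to-ports 8080 in the REDIRECT rule


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in (family, port, IPv4 address) into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in needs at least 8 bytes")
    (family,) = struct.unpack_from("=H", raw, 0)  # host byte order
    (port,) = struct.unpack_from("!H", raw, 2)    # network byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address (family %d)" % family)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Ask netfilter which address the client was really connecting to."""
    return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))


def sample_sockaddr(ip, port):
    """Constructed input: the bytes the kernel hands back for ip:port."""
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(ip) + bytes(8))


def serve():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", LISTEN_PORT))
    srv.listen(16)
    while True:
        conn, client = srv.accept()
        with conn:
            local = conn.getsockname()       # address REDIRECT rewrote the packet to
            try:
                wanted = original_dst(conn)  # pre-NAT destination from conntrack
            except OSError:                  # connection tracking not available
                wanted = local
            print("client=%s:%d local=%s:%d original=%s:%d" % (client + local + wanted))


if __name__ == "__main__":
    serve()
```

Run on the Squid box in place of the proxy, a redirected connection shows the box's own address and port 8080 as `local` and the address the client dialled as `original`.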