-2

I have a network set up like this, with an external and an internal network.

I have successfully got Squid running as a proxy for the internal browser, and now I want to set it up as transparent, but I am having some problems.

[Image: network diagram, captioned "THIS IS MY NETWORK"]

First, I changed the setting to "http_port 8080 intercept", but I am having trouble setting up the correct iptables rules on the external server, as the packets are not getting back to the Squid box.

```
# Default policies: drop traffic to and from this box, accept forwarded traffic
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# enp0s3 is the NAT interface
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 80 -j DNAT --to-destination 10.10.1.254:8080
iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 80 -j REDIRECT --to-port 8080
```

This is as far as I got. The internet works fine on the internal PC, but I'm not sure how to redirect HTTP port 80 packets to the Squid box (10.10.1.254:8080).

lufee
This is off-topic here, as this place is for programming-related questions; this looks like a setup and admin question. You should self-migrate this question over to [Server Fault](https://serverfault.com), where you may get some assistance. – user3788685 Aug 18 '18 at 13:37

1 Answer

0

A couple of things.

From the diagram it is not clear where the Squid box is. Considering you are setting up a transparent proxy, it will be in between your internal network and the WAN connection, which I believe you might have taken care of. Please check:

  1. Considering this is a dual-homed box, you need to set the default gateway to point to your Squid box's WAN interface.
  2. You do need Reverse Path Forwarding enabled.
  3. Last but not least, IP packet forwarding enabled.
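
The three items in the answer can be read directly from the kernel's settings, shown here as an added example that is not part of the original answer. The interface name `enp0s8` and the address `10.10.1.254` come from the question; the function names, the fake `/proc` tree and the sample route line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the answer's three checks.
# On a real host call: audit_gateway /proc enp0s8 "$(ip -4 route show default)"

# Effective rp_filter mode for an interface. The kernel applies the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter when validating sources.
effective_rp_filter() {
    rp_dir="$1/sys/net/ipv4/conf"
    rp_all=$(cat "$rp_dir/all/rp_filter" 2>/dev/null || echo 0)
    rp_own=$(cat "$rp_dir/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$rp_all" -gt "$rp_own" ]; then rp_own=$rp_all; fi
    case $rp_own in
        0) echo off ;;
        1) echo strict ;;  # drops packets whose return route uses another interface
        2) echo loose ;;   # drops only sources unreachable via any interface
        *) echo unknown ;;
    esac
}

# First default gateway found in `ip -4 route show default` output (may be empty).
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print the three settings; return 1 if forwarding is off or no default route.
audit_gateway() {
    ag_fwd=$(cat "$1/sys/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    ag_gw=$(default_gateway "$3")
    echo "ip_forward=$ag_fwd"
    echo "rp_filter($2)=$(effective_rp_filter "$1" "$2")"
    echo "default_gateway=${ag_gw:-none}"
    [ "$ag_fwd" = 1 ] && [ -n "$ag_gw" ]
}

# Constructed sample: a fake /proc tree with forwarding off and strict filtering
# inherited from conf/all even though the interface itself is set to 0.
build_sample_proc() {
    mkdir -p "$1/sys/net/ipv4/conf/all" "$1/sys/net/ipv4/conf/enp0s8"
    echo 0 > "$1/sys/net/ipv4/ip_forward"
    echo 1 > "$1/sys/net/ipv4/conf/all/rp_filter"
    echo 0 > "$1/sys/net/ipv4/conf/enp0s8/rp_filter"
}

sample=$(mktemp -d)
build_sample_proc "$sample"
audit_gateway "$sample" enp0s8 "default via 10.10.1.254 dev enp0s8" || echo "prerequisites not met"
rm -rf "$sample"
```

The sample shows why the per-interface value alone is not enough: `enp0s8` is set to 0, yet the effective mode is strict because `conf/all` is 1.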