I am currently trying to configure a transparent proxy. When I configure Firefox manually on the client (to use 192.168.20.2 port 3128) everything works fine and traffic flows through the proxy like it should. However, when I try to make it transparent nothing works. The client can connect to the DNS (on the same machine as the proxy) and get an IP, but it can't connect to the website and eventually times out.
Here is what the traffic on the proxy looks like from iptraf.
Code:
192.168.20.3:1092 = 2 94 RESET eth0 <--client
192.168.20.2:3128 = 1 48 S-A- eth0 <--proxy
Firewall code.
Code:
# Forward all internal HTTP traffic to SQUID proxy.
$IPTABLES -t nat -A PREROUTING -i $IFACE_INT -s ! $IP_DHCPSAMBA -p tcp --dport 80 -j DNAT --to $IP_DHCPSAMBA:$PORT_PROXY
$IPTABLES -t nat -A POSTROUTING -o $IFACE_INT -s $NET_EXT -d $IP_DHCPSAMBA -j SNAT --to $IP_EXT
$IPTABLES -A FORWARD -s $NET_EXT -d $IP_DHCPSAMBA -i $IFACE_EXT -o $IFACE_INT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport $PORT_PROXY -j ACCEPT
$IP_DHCPSAMBA = machine proxy is on
$IFACE_EXT = eth0
$IFACE_INT = eth2
$PORT_PROXY = 3128
$NET_EXT = 192.168.138.0/20
squid.conf
Code:
http_port 3128
icp_port 0
acl tpnetwork src 192.168.20.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 21 443 563 70 210 1025-65535
visible_hostname TestSAMBA.tptest.int
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow tpnetwork
http_access deny all
ident_lookup_access deny all
no_cache deny all
cache_effective_user squid
cache_effective_group squid
logfile_rotate 2