-   Linux - Networking (
-   -   IPTABLES: routing VPN users through transparent Squid (

silentwol 08-21-2010 11:35 AM

IPTABLES: routing VPN users through transparent Squid
Hello all!

I'm hoping someone can help me out - I've been tearing my hair out over this!

I have pptpd and squid set up. I want give these users access to the internet, but would like to send http traffic through a squid proxy.

Hopefully this rough diagram will give you an idea of what I'm trying to achieve:


VPN users connect to pptpd
    \ | /
    / \
 http  everything else
  |    |
  |    |
  |    |
squid    |
  |    |
    \  /
    \ /

If I set up the following iptables rule, users can connect to the internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I can also connect to squid from the local network (e.g.

Now, I was hoping another simple rule would redirect all http traffic through squid:

iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j REDIRECT --to-port 3128
But this doesn't seem to work (I'm also hoping ppp+ is the correct formatting for a wildcard). Http traffic is never redirected and bypasses the proxy :(

Can anyone suggest how to get this working?

I don't really know much about this stuff I'm afraid :( I would also love some recommendations for ways in which I can debug the system, e.g. which log files to look at, tcpdump commands etc. I find the iptables documentation extremely bewildering!


nimnull22 08-22-2010 03:07 PM

Your rule looks correct except for "-i ppp+" - input interface.
You can type - "ifconfig -a" to see all interfaces and put one belongs to TUN.

I thing the problem is there.

All times are GMT -5. The time now is 04:10 PM.