LinuxQuestions.org - Linux - Networking
IPTABLES: routing VPN users through transparent Squid (http://www.linuxquestions.org/questions/linux-networking-3/iptables-routing-vpn-users-through-transparent-squid-827642/)

silentwol 08-21-2010 10:35 AM

IPTABLES: routing VPN users through transparent Squid
 
Hello all!

I'm hoping someone can help me out - I've been tearing my hair out over this!

I have pptpd and squid set up. I want give these users access to the internet, but would like to send http traffic through a squid proxy.

Hopefully this rough diagram will give you an idea of what I'm trying to achieve:

Code:


VPN users connect to pptpd
    \ | /
      |
      |
    / \
 http  everything else
  |    |
  |    |
  |    |
squid    |
  |    |
    \  /
    \ /
      |
    NAT
      |
  internet

If I set up the following iptables rule, users can connect to the internet:
Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I can also connect to squid from the local network (e.g. 192.168.1.1:3128).

Now, I was hoping another simple rule would redirect all http traffic through squid:
Code:

iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j REDIRECT --to-port 3128

But this doesn't seem to work (I'm also hoping ppp+ is the correct formatting for a wildcard). HTTP traffic is never redirected and bypasses the proxy :(

Can anyone suggest how to get this working?

I don't really know much about this stuff I'm afraid :( I would also love some recommendations for ways in which I can debug the system, e.g. which log files to look at, tcpdump commands etc. I find the iptables documentation extremely bewildering!

Thanks!
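The following is an added example and not code from either poster: a small POSIX shell script that prints (or, with APPLY=1 as root, applies) the two NAT rules from the question and then lists the checks a practitioner would run to find out where the redirect is failing. It assumes the uplink is eth0, that the VPN clients arrive on ppp0, ppp1, ... (the "ppp+" wildcard is valid iptables syntax for that), that Squid listens on TCP 3128, and that Squid's access log is at the usual /var/log/squid/access.log (adjust if your distribution uses another path). The redirect_hits helper parses the counter column of "iptables -t nat -L PREROUTING -v -n", which is the quickest way to see whether packets are reaching the REDIRECT rule at all.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values (override via environment):
SQUID_PORT=${SQUID_PORT:-3128}   # port Squid listens on
WAN_IF=${WAN_IF:-eth0}           # upstream interface that is masqueraded
VPN_IF=${VPN_IF:-ppp+}           # pptpd hands out ppp0, ppp1, ...; "+" is the iptables wildcard

# Emit the rule set as text so it can be reviewed (or piped to sh as root).
nat_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $VPN_IF -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Read 'iptables -t nat -L PREROUTING -v -n' output on stdin and print the packet
# counter of the first REDIRECT rule (0 if there is none). A counter that stays at
# 0 while a VPN client browses means traffic never reaches the rule: wrong interface
# name, wrong table/chain, or an earlier rule in the chain already matched it.
redirect_hits() {
    awk '/REDIRECT/ { print $1; found = 1; exit } END { if (!found) print 0 }'
}

# The checks to run, in order, when the redirect "does nothing".
debug_hints() {
    cat <<EOF
# 1. Is the NAT rule being hit? Watch the pkts column while a VPN client loads a page.
iptables -t nat -L PREROUTING -v -n
# 2. Is port-80 traffic arriving on a ppp interface at all? (tcpdump needs a concrete
#    interface name; ppp+ is an iptables wildcard, not a tcpdump one.)
tcpdump -ni ppp0 'tcp port 80'
# 3. Can REDIRECT reach Squid? REDIRECT rewrites the destination to the primary
#    address of the *incoming* interface (here the server's ppp address), so a Squid
#    bound only to 192.168.1.1 never sees the connection. Bind it to 0.0.0.0 and mark
#    the port as intercepting (http_port $SQUID_PORT transparent on Squid 2.x/3.0,
#    http_port $SQUID_PORT intercept on 3.1 and later).
netstat -lnt | grep ":$SQUID_PORT"
# 4. Squid's own view of what it received (path assumed; adjust for your distro):
tail -f /var/log/squid/access.log
EOF
}

case "${APPLY:-0}" in
    1) nat_rules | sh ;;            # apply the rules (root required)
    *) nat_rules; echo; debug_hints ;;
esac
```

Run it once without APPLY to review the rules and the checklist; `APPLY=1 ./redirect.sh` as root then loads them. Pipe a live `iptables -t nat -L PREROUTING -v -n` into `redirect_hits` before and after a client request: if the number does not move, step 1 has failed and steps 2 to 4 are moot; if it climbs but the client still bypasses the proxy, the problem is on the Squid side (step 3 or 4).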

nimnull22 08-22-2010 02:07 PM

Your rule looks correct except for "-i ppp+" - the input interface.
You can type "ifconfig -a" to see all interfaces and put in the one that belongs to TUN.

I think the problem is there.

