Long-lasting troubles with iptables & squid
Hi! I'm running a public internet terminal and I use squid with squidguard to block unwanted URLs.
Squid and squidguard work fine, but I want to use it transparently so no one can turn off the proxy from the browser settings...
Using this iptables command:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
I have tried to redirect all traffic from port 80 to 3128, but it still doesn't have any effect. Traffic still seems to be going through port 80.
So the question is: can I use "nat based iptables" for local connections?
SPECS:
----------------------------------------------------------------------------------
I have compiled all the necessary things into the kernel:
Networking support
- Sysctl support
Networking Options
- Network packet filtering
- TCP/IP networking
Networking Options -> IP: Netfilter Configuration
- Connection tracking
- IP tables support
- Full NAT
- MASQUERADE target support
- NETMAP target support
- NAT of local connections
- REDIRECT target support
File Systems
- /proc filesystem support
Using these settings in squid.conf:
http_port 3128
http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
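
Added example, not part of the original post: locally generated packets traverse the nat table's OUTPUT chain rather than PREROUTING, so this script checks a nat listing for a port-80 REDIRECT in OUTPUT and prints the rules that would add one. It assumes the browser and Squid run on the same host, Squid runs as a user named "squid", and the iptables owner match is available; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumptions: browser and Squid share one host, Squid runs
# as user "squid", and the kernel provides the iptables "owner" match.

# nat listing as posted above (iptables -nL -t nat).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}

# Read a nat listing on stdin; print each chain holding a port-80 REDIRECT.
redirect_chains() {
    awk '/^Chain /{chain=$2} $1=="REDIRECT" && /dpt:80( |$)/{print chain}' | sort -u
}

# Succeed only if locally generated traffic is intercepted (rule in OUTPUT).
covers_local() {
    redirect_chains | grep -qx OUTPUT
}

# Print the OUTPUT rules for <proxy_user> <proxy_port>; nothing is applied.
output_rules() {
    case $2 in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ -n "$1" ] || { echo "missing proxy user" >&2; return 1; }
    # Squid's own requests to origin servers must skip the redirect,
    # otherwise they would loop back into Squid.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $1 -j ACCEPT"
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $2"
}

if sample_listing | covers_local; then
    echo "local traffic is already redirected"
else
    echo "only traffic arriving from the network is redirected; rules for local traffic:"
    output_rules squid 3128
fi
```

The printed rules are not applied by the script; they have to be run as root, and the ACCEPT rule must stay ahead of the REDIRECT rule.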