Hi! i'm running public internet terminal and i use squid with squidguard to block unwanted urls.

squid and squidguard works fine, but i want use it transparently so anyone cant turn off proxy from browser settings...

using command for iptables;

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

i have tryed to redirect all traffic from port 80 to 3128 but it still dont have any effect. Traffic seem be still going throught port 80

so question is: can i use "nat based iptable" for local connections ?


SPECS:
----------------------------------------------------------------------------------

i have compiled all necessary things to kernel;

Networking support
- Sysctl support

Networking Options
- Network packet filtering
- TCP/IP networking

Networking Options -> IP: Netfilter Configuration
- Connection tracking
- IP tables support

- Full NAT
- MASQUERADE target support
- NETMAP target support
- NAT of local connections
- REDIRECT target support

File Systems
- /proc filesystem support



using these setting in squid.conf;

http_port 3128
http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


iptables -nL -t nat

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination