Squid inline proxy iptables NAT problems
Hello,
I have an Ubuntu 10.04.2 LTS server running squid3 Version 3.0.STABLE19 (from the Ubuntu repos). I am trying to make it an inline/transparent proxy/content filter. I have iptables redirecting http/https traffic into DansGuardian and then squid. The server is acting as the default gateway and routing all users' traffic. The http/https redirect works, but it is NATing ALL the traffic, which I don't want (it seems to be breaking Active Directory roaming profiles).
Here is my iptables-save:
# Generated by iptables-save v1.4.4 on Mon Apr 4 15:30:32 2011
*mangle
:PREROUTING ACCEPT [855113122:582485380359]
:INPUT ACCEPT [127717946:140042410136]
:FORWARD ACCEPT [727372975:442439981141]
:OUTPUT ACCEPT [98403120:134512077286]
:POSTROUTING ACCEPT [825776093:576952057715]
COMMIT
# Completed on Mon Apr 4 15:30:32 2011
# Generated by iptables-save v1.4.4 on Mon Apr 4 15:30:32 2011
*nat
:PREROUTING ACCEPT [6173878:454296263]
:POSTROUTING ACCEPT [1:252]
:OUTPUT ACCEPT [955651:57391201]
-A PREROUTING -s 10.62.0.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.62.0.4:8080
-A PREROUTING -s 10.62.0.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.62.0.4:8080
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Apr 4 15:30:32 2011
# Generated by iptables-save v1.4.4 on Mon Apr 4 15:30:32 2011
*filter
:INPUT ACCEPT [127717946:140042410136]
:FORWARD ACCEPT [727372976:442439981384]
:OUTPUT ACCEPT [98403117:134512076306]
COMMIT
# Completed on Mon Apr 4 15:30:32 2011
How can I have it just route traffic and redirect to squid/dansguardian?
Thanks in advance!!
--Forced
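An added example, not part of the original post: a small Python check over the *nat section of the dump above that flags source-NAT rules carrying no match criteria (such a rule applies to every connection leaving the box) and exact duplicate rules. The function name lint_nat and the set of options treated as scoping are assumptions of this example.

```python
import shlex

# Sample input: the *nat section copied from the iptables-save dump in the post.
NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [6173878:454296263]
:POSTROUTING ACCEPT [1:252]
:OUTPUT ACCEPT [955651:57391201]
-A PREROUTING -s 10.62.0.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.62.0.4:8080
-A PREROUTING -s 10.62.0.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.62.0.4:8080
-A POSTROUTING -j MASQUERADE
COMMIT
"""

# Options that narrow which packets a rule applies to (assumed list for this check).
SCOPING = {"-s", "-d", "-i", "-o", "-p", "-m", "--source", "--destination",
           "--in-interface", "--out-interface", "--protocol", "--match"}
SNAT_TARGETS = {"MASQUERADE", "SNAT"}

def lint_nat(dump):
    """Return (line_no, rule, finding) tuples for risky rules in the *nat table."""
    findings, table, seen = [], None, {}
    for no, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        if table != "nat" or not line.startswith("-A "):
            continue
        if line in seen:                  # identical rule appended twice
            findings.append((no, line, f"duplicate of line {seen[line]}"))
        seen.setdefault(line, no)
        tok = shlex.split(line)
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if target in SNAT_TARGETS and not SCOPING & set(tok):
            findings.append((no, line,
                             "source NAT with no match: applies to every connection"))
    return findings

if __name__ == "__main__":
    for no, rule, why in lint_nat(NAT_DUMP):
        print(f"line {no}: {why}\n    {rule}")
```

Line numbers in the findings count from the first line of the text passed in, so here they are relative to the `*nat` header.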