I recently set up a server at home that has a squid proxy and also managed to connect clients via openvpn.
Both work well on their own, but it seems that whenever I connect through the VPN, the HTTP traffic does not get forwarded to squid (no entries in access.log, blocked sites accessible).
I do not know my way around iptables very well and was glad that I managed to redirect the non-VPN traffic through squid. But with this combination, I am lost. I tried my best to find the solution, but iptables itself is a beast already, and in combination with squid and openvpn it does not get easier.
eth0 is my "normal" network interface, tun is the openvpn one. For the tests, I deactivated the general drop rules:
*nat
:PREROUTING ACCEPT [40:1842]
:INPUT ACCEPT [3:467]
:OUTPUT ACCEPT [3:191]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.178.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [4:507]
:FORWARD ACCEPT [33:1116]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [9281:9023546]
:INPUT ACCEPT [8467:8721936]
:FORWARD ACCEPT [814:301610]
:OUTPUT ACCEPT [9176:8879121]
:POSTROUTING ACCEPT [9989:9180651]
COMMIT
All those rules were created with some guides I found, so some things here might be too much, but apart from the problem mentioned, it works for me.
I tried copying the PREROUTING rule with -i tun+, but it does not work.
Can anyone please help me here?
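Added example, not part of the original post: a small audit of an iptables-save dump that reports, per inbound interface, whether port-80 traffic hits a nat PREROUTING REDIRECT rule. The function names are this example's own, the sample reuses rule lines from the dump above, and only the `-i` match is evaluated (other matches such as `-s` or `-d` are ignored).

```python
import shlex

# Sample built from rule lines in the post, in iptables-save form.
RULESET = """\
*nat
:PREROUTING ACCEPT [40:1842]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [4:507]
-A INPUT -i tun+ -j ACCEPT
COMMIT
"""

def iface_matches(pattern, iface):
    """iptables -i semantics: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def redirect_rules(ruleset, dport="80"):
    """Collect (in_iface, negated, to_port) for nat/PREROUTING REDIRECTs on dport."""
    table, found = None, []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter", ... switches table
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A PREROUTING "):
            continue
        tok = shlex.split(line)
        # Pair each option with the token that follows it.
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") == "REDIRECT" and opt.get("--dport") == dport:
            negated = "-i" in tok and tok[tok.index("-i") - 1] == "!"
            found.append((opt.get("-i"), negated, opt.get("--to-ports")))
    return found

def redirect_port(ruleset, iface, dport="80"):
    """Port that dport traffic arriving on iface is redirected to, or None."""
    for pattern, negated, port in redirect_rules(ruleset, dport):
        # A rule without -i applies to every inbound interface.
        if pattern is None or iface_matches(pattern, iface) != negated:
            return port
    return None

if __name__ == "__main__":
    for iface in ("eth0", "tun0"):
        print(iface, "->", redirect_port(RULESET, iface) or "not redirected")
```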