Hi,
Welcome to LQ.
If you enable IP forwarding on what I'll call your server (the box with squid) and if its routing table is set correctly, then its default behavior will be to route incoming packets (that are not addressed to itself) to the appropriate place. So if a 192.168.0.x client requests something from the Internet, the request will be forwarded to your router. If you wish to block this access (for, say, http and/or https) then you will have to block this with rule(s) in the (iptables') FORWARD chain. Likewise, if you wish to redirect any http and/or https requests to squid (thereby making it a transparent proxy) then you can do so in the nat table's PREROUTING chain using the REDIRECT target. Anything that you don't block (DROP or REJECT) or REDIRECT will be passed along.
The other issue you might have is making sure return packets from the Internet get back to the original 192.168.0.x machine. There are two ways of handling this. You can
either tell the router to route packets destined for 192.168.0.0/24 through your server
or you can SNAT the outgoing packets (from 192.168.0.x to the Internet) such that they look like (to your router) they come from your server. (When the router sends the return packets to the server, the server will automatically "do the right thing" such that the packets get back to the originator.)
If you have never used iptables before, I think it would be a good idea to get an overview of it before you start creating rules, just to gain an appreciation of what you're doing. (And making mistakes less likely!) I would suggest looking at the packet-filtering-HOWTO and the NAT-HOWTO. And, of course, the iptables' man page is always a handy reference. That said, the rules you might be interested in to do what I've said above might be similar to:
Code:
# Placeholders: fill in the interface names for your setup
WAN_INT=<eth0 or eth1 as appropriate for access to your router>
LAN_INT=<eth0 or eth1 as appropriate for access to LAN>
LAN=192.168.0.0/24
WAN_IP=192.168.1.2
# Block forwarded http/https requests
iptables -A FORWARD -p tcp --dport 80 -j DROP
iptables -A FORWARD -p tcp --dport 443 -j DROP
# Redirect http/https requests to squid on port 3128
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
# SNAT packets leaving towards the router so they appear to come from the server
iptables -t nat -A POSTROUTING -o $WAN_INT -s $LAN -j SNAT --to-source $WAN_IP
(If you use the PREROUTING rule(s), the corresponding FORWARD chain rule(s) are irrelevant.)
I've tried to give you a quick overview to give you a general understanding. I strongly encourage you to read the HOWTOs I mentioned before trying to implement. If you need more detail, feel free to post back specific questions.
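
The chain order behind the note that the FORWARD rules are irrelevant once PREROUTING redirects, as an added example that is not part of the original post: a simplified Python model of how the first TCP packet of a connection from a LAN client passes through the server. `SERVER_LAN_IP`, the client address and the destination address are constructed; `LAN`, `WAN_IP` and port 3128 are the values from the post.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

LAN = ip_network("192.168.0.0/24")   # LAN from the post
WAN_IP = "192.168.1.2"               # WAN_IP from the post
SERVER_LAN_IP = "192.168.0.1"        # assumed; the post does not give it
LOCAL = {WAN_IP, SERVER_LAN_IP}      # addresses owned by the server
WEB_PORTS = {80, 443}
SQUID_PORT = 3128


class Result(NamedTuple):
    chains: list   # chains traversed, in order (mangle/raw omitted)
    verdict: str   # LOCAL, DROP or FORWARD
    src: str
    dst: str
    dport: int


def traverse(src, dst, dport, redirect=True, drop_web=True):
    """Follow one new TCP packet arriving from the LAN through the server."""
    chains = ["nat/PREROUTING"]
    if redirect and dport in WEB_PORTS:
        # REDIRECT rewrites the destination to the server's own address
        # on the incoming interface and to the given port.
        dst, dport = SERVER_LAN_IP, SQUID_PORT
    # The routing decision comes after PREROUTING, on the rewritten destination.
    if dst in LOCAL:
        chains.append("filter/INPUT")        # delivered locally (to squid)
        return Result(chains, "LOCAL", src, dst, dport)
    chains.append("filter/FORWARD")
    if drop_web and dport in WEB_PORTS:
        return Result(chains, "DROP", src, dst, dport)
    chains.append("nat/POSTROUTING")
    if ip_address(src) in LAN:
        src = WAN_IP  # SNAT: the router now sees the server as the sender
    return Result(chains, "FORWARD", src, dst, dport)


if __name__ == "__main__":
    # Constructed sample packets: client 192.168.0.10, destination 203.0.113.10
    for port, redir in [(80, True), (80, False), (22, True)]:
        print(port, redir, traverse("192.168.0.10", "203.0.113.10", port, redirect=redir))
```
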