Squid and IPTABLES in CentOS 6.2

skc · 05-24-2012, 09:24 AM

Hi All,

Here is my scenerio, I have two network in the office.
LAN1: 192.168.0.0/24
LAN2: 172.16.0.0/16

I have configured a machine with following:
eth0 has IP of 192.168.0.1 and can communicate to Internet
eth1 has IP of 172.16.0.1

squid/iptables has been installed on the machine.

I have webserver also which is configured at 192.168.0.2.

Now I need help to configure iptables for following:

1. all hosts of 172.16.0.0/16 can browse internet by redirecting 80 port to 3128 port to 172.16.0.1:3128.
2. No proxy connection from 172.16.0.0/16 to 192.168.0.0/24. (Direct Connection).
3. not to seen PROXY while check with http://www.whatismyip.com

regards
sunil
NEPAL

Ser Olmy · 05-24-2012, 09:40 AM

Quote:

Originally Posted by skc

1. all hosts of 172.16.0.0/16 can browse internet by redirecting 80 port to 3128 port to 172.16.0.1:3128.
2. No proxy connection from 172.16.0.0/16 to 192.168.0.0/24. (Direct Connection).

You can accomplish 1 with a simple REDIRECT rule. Put an ACCEPT rule right before it with 172.16.0.0./16 as source and 192.168.0.0./24 as destination, and you've taken care of 2. Untested:

Code:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 172.16.0.0/16 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

For the above to work, squid must be configured as a transparent proxy.

Quote:

Originally Posted by skc

3. not to seen PROXY while check with http://www.whatismyip.com

What exactly do you mean? Do you want to suppress the HTTP headers, or do you want proxied HTTP requests to originate from the client IP rather than that of the proxy server?