IPTables and Squid3 problem
Hi!
I have a problem with squid3 in transparent mode.
In our LAN we have a firewall (with 3 interfaces), a squid (squid3) machine and a couple of clients. So the squid is on a different machine than the firewall.
I configured IPTables to forward the web requests to the squid box, so I added these rows to the existing config of IPTables:
iptables -t nat -A PREROUTING -p tcp -i "LAN_IFACE" -s "my_client_IP" --dport 80 -j DNAT --to-destination "squid_machine_IP":8080
and
iptables -t nat -A POSTROUTING -o INTERNET_IFACE -j MASQUERADE
I think these two rules have to forward my web requests to the squid box IP and port.
The squid is running perfectly if I set the web browser proxy settings manually. But when I set the proxy to transparent mode (remove browser proxy settings and set in squid.conf: http_port "SQUID_IP":8080 transparent), none of the web sites can be displayed in the web browser on my client; the browser searches for the IP and doesn't find any website.
If I change the POSTROUTING by removing the interface, so:
iptables -t nat -A POSTROUTING -j MASQUERADE
then the browser says for every web site:
Invalid URL etc., with the title SQUID3, so it seems the packets are forwarded to squid, but after that I can't understand what happens.
If I set my client's gateway to the squid machine IP manually (the squid machine's gateway is the firewall), it works fine in transparent mode too. But the clients work with DHCP, and the default gateway is the firewall on every client.
I think that something is still wrong with the packets' direction, or addresses. I read that someone uses SNAT instead of MASQUERADE, but it did not help.
Could you please help me to solve the problem? Thank you in advance!!!