iptables, DansGuardian, and Squid.
Hello, I am trying to set up DansGuardian and Squid with no luck. Could someone please help me with my iptables config?
I am using NAT.
eth1 is my public IP 63.119.169.XX
eth0 is my private IP 192.168.1.254
I am trying to set it up so all HTTP requests on port 80 are sent to a transparent proxy (port 3128) and to DansGuardian (port 8080).
Here is the sample config from the site, however I cannot figure out how to change it so my NAT will still work.
Once you have Squid and DansGuardian set up, the final step is to implement a transparent proxy using iptables. Use the following commands at the command line to add rules to the firewall to allow the user squid to access both the Internet and the Squid proxy we set up.
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
The next command redirects Internet traffic from all users, other than squid and any exempt users, to the filter on port 8080:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
Since we have a proxy server set up, a user could configure a Web browser to bypass the filter and access the proxy directly. The Squid proxy is listening for requests from the computer, and it doesn't care which user sends the request. We could set up our firewall to deny all access to the proxy except from our filter, but let's be a little sneakier. Let's set it up so that direct requests to the Squid proxy server, except from our filter, get redirected through the filter. To do this, use the following command:
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
Any help would be great.
Thanks!
Toby
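Added example, not part of the post or the quoted article: the article's rules all sit in the nat OUTPUT chain, which only sees connections opened on the machine itself, so traffic forwarded for LAN clients needs PREROUTING and POSTROUTING rules as well. The script assumes the interface names and ports given in the post, uses MASQUERADE because the public address is elided, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the quoted article). Interface names and ports are
# the ones given in the post; override via environment if yours differ.
LAN_IF="${LAN_IF:-eth0}"            # private side (192.168.1.254)
WAN_IF="${WAN_IF:-eth1}"            # public side
FILTER_PORT="${FILTER_PORT:-8080}"  # DansGuardian
PROXY_PORT="${PROXY_PORT:-3128}"    # Squid

# Print the nat-table rules a gateway needs. Packets forwarded for LAN
# clients pass through PREROUTING and POSTROUTING; the nat OUTPUT chain
# only sees connections opened by processes on the gateway itself.
gateway_rules() {
    # Intercept LAN web traffic and hand it to the filter.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT"
    # LAN clients that point a browser straight at Squid land on the filter too.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $PROXY_PORT -j REDIRECT --to-ports $FILTER_PORT"
    # Source NAT on the public interface keeps ordinary NAT working.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Read rules on stdin (iptables commands or iptables-save lines) and report
# what a gateway still lacks. Returns 0 when nothing is missing.
audit_rules() {
    rules=$(cat)
    status=0
    for port in 80 "$PROXY_PORT"; do
        printf '%s\n' "$rules" | grep -Eq -- "-A PREROUTING .*--dport $port .*-j REDIRECT" ||
            { echo "MISSING: PREROUTING redirect for tcp/$port (LAN clients are not sent to the filter)"; status=1; }
    done
    printf '%s\n' "$rules" | grep -Eq -- "-A POSTROUTING .*-j (MASQUERADE|SNAT)" ||
        { echo "MISSING: POSTROUTING MASQUERADE/SNAT (LAN clients lose Internet access)"; status=1; }
    return $status
}

# The article's rules as quoted in the post: OUTPUT chain only.
ARTICLE_RULES='iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080'

echo "== audit of the article's rules =="
printf '%s\n' "$ARTICLE_RULES" | audit_rules || true
echo "== rules to add on the gateway (review, then run as root) =="
gateway_rules
```

The script only prints; nothing is loaded into the kernel until the printed commands are run as root.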