Hello,
I'm new to networking in Linux and don't get along with iptables.
My setup is like this:
Code:
web/ftp-server
/
Modem - Gateway/Router - (eth1) Squid proxy (eth0) - Switch - Users
The modem connection has 1 static/public IP address.
I'm running Squid version 3.4.7, static IPs for eth1 and eth0. IP of eth1 is 192.168.1.7, for eth0 it is 192.168.0.9.
I have configured Squid as a non-transparent proxy, i.e. just "http_port 3128". Along with ACLs for inbound connections I have also defined a virtual host (the www server) name.domain.tld like this:
Code:
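# Reverse-proxy (accelerator) listener for the published site
http_port 80 accel defaultsite=www.domain.tld
# Backend web server that Squid fetches from
cache_peer IP_OF_BACKENDSERVER parent 8080 0 no-query no-digest originserver name=site_www
# Only requests for this domain are sent to the backend peer
acl site_www_users dstdomain site1.domain.tld
cache_peer_access site_www allow site_www_users
cache_peer_access site_www deny all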
What I am totally at a loss to understand is this:
- How do I configure iptables properly so that the proxy server is reachable from outside and also so that when someone enters site1.domain.tld it will reach the backend server?
- How do I configure iptables so that I ensure that all outbound traffic leaves the correct ethernet interface?
I have read many iptables examples regarding this, but they have all included transparent proxies. I don't think I want a transparent proxy though, but maybe this would be required when reverse proxying for outbound connections is needed?
Anything/Everything unclear - don't hesitate to ask.
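
An added example, not part of the original post: a shell function that prints an iptables-restore ruleset for the setup described above, with Squid accepting LAN clients on 3128 via eth0 and accelerated requests on 80 via eth1. The LAN prefix 192.168.0.0/24, the SSH rule and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints a filter table for the
# Squid host in iptables-restore format; it does not touch the live firewall.
# From the post: eth0 = LAN side, eth1 = gateway side, ports 3128 and 80.
# Assumed: LAN prefix 192.168.0.0/24, SSH admin from the LAN, function name.
squid_fw_rules() {
    lan_if=${1:-eth0}
    wan_if=${2:-eth1}
    lan_net=${3:-192.168.0.0/24}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections Squid itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# forward proxy: only LAN clients may reach http_port 3128
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 3128 -m conntrack --ctstate NEW -j ACCEPT
# reverse proxy: the accel listener on port 80, arriving from the gateway side
-A INPUT -i $wan_if -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# assumed admin access over SSH from the LAN
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# FORWARD stays closed and there is no nat table: with a non-transparent proxy
# the clients connect to Squid, and Squid opens its own outbound connections
# (to the Internet and to the backend on port 8080) through OUTPUT.
# Which interface those leave by is decided by the routing table (ip route),
# not by iptables.
squid_fw_rules "$@"
```

Review the printed rules before loading them as root with `iptables-restore`; `iptables-restore --test` parses a ruleset without committing it.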