I have problems with Squid as well as with using the netfilter nat table.
Actually, I am trying to understand the procedure of netfilter with Squid.
I am using the transparent proxy, and in my rc.local (/etc/rc.d/rc.local) I used these parameters:
1) echo '1' > /proc/sys/net/ipv4/ip_forward
2) /sbin/iptables -P FORWARD ACCEPT
3) /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
4) /sbin/iptables -t nat -A POSTROUTING -p all -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0 -j MASQUERADE
On the first line I am enabling forwarding.
What is the meaning of the second line? I can't understand it (maybe it is accepting all packets from the forwarding chain).
On the third line I am entering a rule in the nat table: if packets come from interface eth0 with protocol tcp and port 80, then send these packets to 3128. (I am using DNAT here.)
Now what is happening at this line? All packets that come from eth0 are going to the Squid port? (Am I right or not?)
On the fourth line I am changing the source address of outgoing packets. If everything is done here, then what is happening in Squid? What is Squid doing with these packets?
(Important)
Another problem I am facing is that I created a file in Squid that rejects all machines that I don't want to use the internet.
When I was not using Squid as a proxy, it (a file that contains the denied IPs) was working well, but now, after changing Squid to transparent, anyone who has the DNS and gateway can access the internet, meaning I can't prevent people from using the internet.
What can I do now to stop those people who know the DNS and gateway, and why is my file in Squid, which prevents machines from using the net, not working?
Actually, I am confused about mixing NAT and Squid.
Tell me in detail or refer me to some useful sites (except netfilter.org) through which I can understand the complete procedure.
Reply to me at this address:
m_alvi82@hotmail.com