Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I have a squid proxy server 192.168.1.1, internet is on eth0 and eth1 is local LAN, and several other boxes getting their IPs via DHCP, all fine no problem. Squid uses port 3128 and I had to point all the browsers of the other boxes to this port using the rules added to my firewall:
iptables -A OUTPUT -j ACCEPT -m state --state NEW -o eth0 \
-p tcp --dport 80
Is it possible to configure the iptables rules so that all the browsers point to the standard port 80 and it gets redirected to 3128? I have httpd running, but only for the LAN, I do not require it to be accessible from 'outside'.
Thanx in advance.
My knowledge of iptables is limited to say the least....
What you're asking for is called transparent proxy.
As far as I can see from your setup this is exactly what you have accomplished.
First rule says: "Before determining the interface to send the packet, check to see if it is coming in on eth1 and if it is a port 80 packet. If so then redirect it to localhost:3128, which is your squid proxy."
It's working but not exactly how I'd like. I was wanting to leave all the browsers on the network using port 80 but have my firewall redirect all traffic to squid on port 3128 on the same interface?
That should do it. Exchange the IP address for that of your squid server.
This rule says: "Before determining the destination interface (routing), check to see if the packet came in on eth1 and was a port 80 packet. If that's the case then change destination to ipaddress:port."
Also make sure the rule gets in the right place in the chain so that no other rules stop your packets before they reach this rule.
My main box has 2 eth cards, eth0 is internet and gets its IP via DHCP from the cable modem, and eth1 is my internal network range 192.168.1.1 static. This NIC gives out IPs in the range 192.168.1.100-200 to the boxes on the network. This main box is my DHCP, www, ftp, apache, squid and name server for the small network. I was wanting to use squid as the proxy for the network but without having to reconfigure every browser, and still have internal access only to my apache server, a kind of local intranet? Does that help in any way!?
Then we're back to the first situation, rule with REDIRECT target.
Instead of running iptables rules with -A option, try to enter the rules using -I instead.
This would ensure that your rules get inserted as first rule instead of being appended at the end.
There might be some rule high in the chain blocking your squid packets before they reach this transproxy rule.
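The REDIRECT setup the replies describe, written out as a small script; this is an added example, not code from the thread. It assumes the poster's layout (LAN on eth1, Squid on the same box listening on 3128) and uses -I so the rules land at the top of the chain; the LAN-network exemption for the local Apache is an optional assumption.

```shell
#!/bin/sh
# Transparent proxy for the setup in this thread: LAN on eth1, Squid on
# this box on tcp/3128, browsers left pointing at plain port 80.
# Set IPTABLES=echo to print the commands instead of applying them
# (applying them needs root; Squid must also be configured to accept
# intercepted connections, which is not covered here).
IPTABLES="${IPTABLES:-iptables}"

# transproxy_rules LAN_IF SQUID_PORT [LAN_NET]
# Inserts (-I, rule position 1) a nat/PREROUTING REDIRECT so that port-80
# packets arriving on LAN_IF get their destination rewritten to
# <this host>:SQUID_PORT before routing happens.  If LAN_NET is given,
# traffic destined for the LAN itself (e.g. the local Apache on
# 192.168.1.1) is exempted so the intranet is reached directly.
transproxy_rules() {
    lan_if="$1"; squid_port="$2"; lan_net="$3"
    # The REDIRECT rule described in the first reply.
    $IPTABLES -t nat -I PREROUTING 1 -i "$lan_if" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$squid_port" || return 1
    # Inserted afterwards at position 1 so it ends up above the REDIRECT.
    if [ -n "$lan_net" ]; then
        $IPTABLES -t nat -I PREROUTING 1 -i "$lan_if" -p tcp --dport 80 \
            -d "$lan_net" -j RETURN || return 1
    fi
    # Let the redirected connections reach Squid's port on this box, again
    # inserted at the top so no earlier rule drops them (last reply above).
    $IPTABLES -I INPUT 1 -i "$lan_if" -p tcp --dport "$squid_port" \
        -m state --state NEW -j ACCEPT
}

# show_nat lists the chain with line numbers: the quick way to confirm the
# REDIRECT sits before anything that would stop the packets.
show_nat() {
    $IPTABLES -t nat -L PREROUTING -n -v --line-numbers
}
```

Run `IPTABLES=echo sh script.sh` style first to see the exact commands, then apply as root and check with show_nat.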