Suse 9.1 and iptables
I have set up Squid and Dansguardian on one box running Suse 9.1. I had everything set up fine and it allowed me to set up users' browsers to use the server as a proxy with Dansguardian listening on port 8080. What I want to do is set up a Transparent Proxy so that I don't have to configure each client's browser to point towards the proxy. I have configured Squid and Dansguardian correctly (I hope); the only problem is that I can't get iptables to work. This is what I type in:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

yet when I type in iptables -nvL it shows me this:

Chain INPUT (policy ACCEPT 4800 packets, 346K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4035 packets, 228K bytes)
 pkts bytes target prot opt in out source destination

It looks like my rule didn't get put in. Any clues would be good.
-i eth0
I don't know what your internal interface is (your users' LAN); most of the time eth1 is used.
I only have one ethernet card in it and it's eth0.
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

This will let Squid listen on port 80.
This is how I have Squid set up
http_port 127.0.0.1 3128
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid

This is how Dansguardian is set up:

filterip = 192.168.11.2 <------ this is eth0, the only NIC on the machine
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://192.168.11.2/cgi-bin/dansguardian.pl'

If I set up my client browsers to use 192.168.11.2 and port 8080 then it WILL block bad websites, but with transparent proxy I shouldn't have to set up the client's browser. Squid and Dansguardian work; that's why I think it has something to do with iptables.
If you use http_port 127.0.0.1 3128, the -i should be lo instead of eth0:

iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 3128
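
Added example, not part of any post in this thread: the rule above is appended to the nat table, which `iptables -nvL` does not list (it shows the filter table by default), so this script reads `iptables-save -t nat` output and compares the port-80 REDIRECT target with Dansguardian's filterport. The sample ruleset is constructed, the function names are hypothetical, and it assumes the goal is for redirected traffic to reach Dansguardian on 8080 before Squid.

```shell
# Constructed sample of `iptables-save -t nat` output after the thread's rule
# was added (not captured from the poster's machine).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# redirect_port IFACE (hypothetical helper): read a nat ruleset on stdin and
# print the REDIRECT port of the first PREROUTING rule matching tcp dport 80
# on IFACE. Prints nothing when no such rule exists.
redirect_port() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; dport = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")         in_if  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (in_if == ifc && dport == "80" && target == "REDIRECT") {
                print to
                exit
            }
        }'
}

# check_transparent IFACE FILTERPORT (hypothetical helper): report whether the
# redirect lands on the filter's port. Assumption: FILTERPORT is the value of
# filterport in dansguardian.conf (8080 in this thread).
check_transparent() {
    port=$(redirect_port "$1")
    if [ -z "$port" ]; then
        echo "no-rule"
    elif [ "$port" = "$2" ]; then
        echo "ok"
    else
        echo "mismatch:$port"
    fi
}

# Demo on the constructed sample; on a live box pipe in `iptables-save -t nat`.
printf '%s\n' "$SAMPLE_NAT" | check_transparent eth0 8080   # prints mismatch:3128
```

A result of `mismatch:3128` means intercepted requests are addressed to Squid's port rather than the filter's, so they would not pass through Dansguardian.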