Hi there,
I just finished setting up a proxy machine that runs in a separate box from gw.
The addresses I use in the firewall are
squid box = 10.5.5.121
gw = 10.5.5.1
lan = 10.5.5.0/24
I have the following iptables rules
on squid box
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
on gw
Code:
iptables -t nat -A PREROUTING -i eth1 -s ! 10.5.5.121 -p tcp --dport 80 -j DNAT --to 10.5.5.121:3128
iptables -t nat -A POSTROUTING -o eth1 -s 10.5.5.0/24 -d 10.5.5.121 -j SNAT --to 10.5.5.1
iptables -A FORWARD -s 10.5.5.0/24 -d 10.5.5.121 -i eth1 -o eth1 -p tcp --dport 3128 -j ACCEPT
Everything appears to function right, except for the fact that all the entries in the squid log appear as if they're coming from the gw IP 10.5.5.1, no matter which machine they were initiated from.
Here's an example
Code:
1282549242.411 74219 10.5.5.1 TCP_MISS/200 285 GET some_http_address - DIRECT/208.43.202.34 text/html
My question is: how can I modify the iptables rules so they forward the real IPs the requests originated from?
Thanks in advance.
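The rule that causes the symptom in this post is the POSTROUTING SNAT on gw: it rewrites the source of every forwarded connection to 10.5.5.1 before the packet reaches the proxy, so squid's access.log can no longer attribute requests to individual LAN hosts. From an audit point of view that is the same failure as any NAT in front of a logging choke point, and it is worth detecting automatically. The following Python script is an added example and not part of the original post; it parses squid's native access.log format (the layout of the line quoted above), builds a per-client histogram, and flags a log in which a known gateway/NAT address accounts for almost all requests. The sample log lines, the hypothetical `example.com` URLs and the 90% threshold are constructed for the demonstration.

```python
import re
from collections import Counter

# Field layout of Squid's native access.log, matching the line quoted in the post:
#   timestamp elapsed_ms client_ip result/status bytes method url ident hierarchy/peer content_type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>[0-9a-fA-F.:]+)\s+"
    r"(?P<result>[A-Z_0-9]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_0-9]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample: what the log looks like while the SNAT rule is in place
# (every request is attributed to gw, 10.5.5.1).
MASKED_LOG = [
    "1282549242.411  74219 10.5.5.1 TCP_MISS/200 285 GET http://example.com/a - DIRECT/203.0.113.10 text/html",
    "1282549243.102     12 10.5.5.1 TCP_HIT/200 1024 GET http://example.com/b - NONE/- text/html",
    "1282549244.550    310 10.5.5.1 TCP_MISS/404 512 GET http://example.com/c - DIRECT/203.0.113.10 text/html",
    "1282549245.001     40 10.5.5.1 TCP_MISS/200 2048 GET http://example.com/d - DIRECT/203.0.113.11 image/png",
]

# Constructed sample: what a correctly attributed log from several LAN hosts looks like.
HEALTHY_LOG = [
    "1282549242.411  74219 10.5.5.23 TCP_MISS/200 285 GET http://example.com/a - DIRECT/203.0.113.10 text/html",
    "1282549243.102     12 10.5.5.40 TCP_HIT/200 1024 GET http://example.com/b - NONE/- text/html",
    "1282549244.550    310 10.5.5.23 TCP_MISS/404 512 GET http://example.com/c - DIRECT/203.0.113.10 text/html",
    "1282549245.001     40 10.5.5.77 TCP_MISS/200 2048 GET http://example.com/d - DIRECT/203.0.113.11 image/png",
]


def parse_line(line):
    """Return the fields of one native-format access.log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["elapsed"] = int(rec["elapsed"])
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    return rec


def client_histogram(lines):
    """Count requests per client address, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["client"]] += 1
    return counts


def nat_masking_report(lines, nat_addresses, threshold=0.9):
    """Flag a log in which a known NAT/gateway address makes up >= threshold of all requests.

    A transparent-proxy log normally shows many distinct LAN clients; when SNAT on the
    gateway rewrites every source to its own address, the histogram collapses to a single
    client and per-host attribution is lost.
    """
    counts = client_histogram(lines)
    total = sum(counts.values())
    if total == 0:
        return {"masked": False, "total": 0, "top": None, "share": 0.0}
    top, n = counts.most_common(1)[0]
    share = n / total
    return {
        "masked": top in nat_addresses and share >= threshold,
        "total": total,
        "top": top,
        "share": share,
    }


if __name__ == "__main__":
    gateway = {"10.5.5.1"}  # the gw address from the post
    for name, log in (("masked", MASKED_LOG), ("healthy", HEALTHY_LOG)):
        print(name, nat_masking_report(log, gateway))
```

Run against a real access.log by reading the file into a list of lines and passing the gateway address (or the whole set of NAT devices in front of the proxy) as `nat_addresses`. The report only tells you that attribution has been lost; restoring it means removing the need for the SNAT rewrite on the path to the proxy, because the proxy can only log the source address it actually receives.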