SETUP:
* Squid has been configured properly to act as a transparent proxy.
* Squid & the gateway-firewall are both installed & working on a single box, so we do not need to do DNAT.
* The client has the SQUID/FIREWALL box as its gateway.
* As I have a static IP, I do not need to do MASQUERADING as well.
* There's no rule running apart from the PREROUTING rule defined below & hence all the chains have their default policy as ACCEPT.
* Packet forwarding is enabled at kernel level.
* My LAN clients are not pointing towards any name server.
As per the official/non-official HOWTOs I only got to run
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
& it is running also.
Now my queries:
What happens to DNS name queries?
Whenever my client tries to browse, e.g. www.google.com, the first packet which comes to my box is for name conversion (DNS) & not for port 80, & hence it doesn't hit the rule I am running, & hence I am not able to make this transparent thing work, as it keeps trying for name-to-IP conversion again & again for different DNS servers.
Though if I try to access any website with its IP address, I am not facing any problems; in the same scenario I can browse google.com through
http://64.233.187.99/
So what else am I supposed to do to make my transparent proxy work, though I expect that I should not be running any other iptables rule apart from the one specified above.
Kindly correct me whenever I am wrong, as it's all logic & probably I am missing something.
With best regards,
Amit sharma
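The REDIRECT rule in the post only matches what its match criteria name: TCP traffic arriving on eth0 with destination port 80. A DNS lookup is a separate flow to port 53 (UDP, sometimes TCP), so it never touches that rule; with the default ACCEPT policies described above it crosses the FORWARD chain on its way to whatever resolver the clients are configured to use, and if the clients have no resolver configured the lookup has nowhere to go. The script below is an added example written for this page, not code from the post or from the Squid project: it emits the HTTP redirect rule together with explicit FORWARD rules for DNS, so the DNS path keeps working even if the FORWARD policy is later tightened to DROP. The interface name eth0 and Squid port 8080 are taken from the post; the resolver address 192.0.2.53 is a constructed placeholder, and the dry-run wrapper (IPT="echo iptables") is this example's own convention.

```shell
#!/bin/sh
# Added example (not from the original post): minimal rules for a Squid
# transparent-proxy gateway where Squid and the firewall share one box.
# Assumptions: LAN-facing interface eth0 and Squid on 8080 (from the post);
# the upstream resolver 192.0.2.53 is a constructed placeholder.
# Run with "apply" to install the rules (needs root), otherwise the
# iptables commands are only printed.

LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-8080}"
RESOLVER="${RESOLVER:-192.0.2.53}"

# Intercept plain HTTP from the LAN and hand it to Squid on this box.
# "-m tcp --dport 80" is two separate arguments: the match module, then
# its option (a missing space there makes iptables reject the rule).
http_redirect_rule() {
    printf '%s\n' "-t nat -A PREROUTING -i $LAN_IF -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# DNS is a different flow (port 53, UDP and TCP) and is not matched by the
# redirect above. It is forwarded to the resolver the clients point at;
# spelling the path out keeps it alive if FORWARD is later set to DROP.
dns_forward_rules() {
    for proto in udp tcp; do
        printf '%s\n' "-A FORWARD -i $LAN_IF -p $proto --dport 53 -d $RESOLVER -j ACCEPT"
        printf '%s\n' "-A FORWARD -o $LAN_IF -p $proto --sport 53 -s $RESOLVER -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}

# Feed every generated rule to iptables (or to echo in dry-run mode).
apply_rules() {
    ipt="${IPT:-echo iptables}"
    { http_redirect_rule; dns_forward_rules; } | while read -r rule; do
        # word-splitting of $rule into separate arguments is intended
        $ipt $rule
    done
}

if [ "${1:-print}" = "apply" ]; then
    IPT="iptables" apply_rules
else
    IPT="echo iptables" apply_rules
fi
```

Running the script with no argument prints the four DNS rules and the redirect rule so they can be reviewed before anything is changed; `sh script.sh apply` installs them. Whether the clients actually send their queries to $RESOLVER is a client-side setting (their configured name server), which no gateway rule can substitute for.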