Hi all,

in security concerns, i am a absolute beginner. nevermind, i have a small network @home. on this net, each pc connects to a small server having iptables and squid in standard-configuration from suse 8.0 (it's quite an ancient machine...p1/133 mhz)

how do i have to do this? what changes do i have to issue on squid? which rules have i to insert in iptables? i found many posts here, but never was sure, wheather it is complete or not....

normally, i thought, i just leave the squid.conf as it is and just insert a port-redirection for from port 80 to 3128 with
iptables -t nat -A PREROUTING -i eth0 (my internal lan-card) -p tcp --dport 80 -j DNAT --to 192.168.0.254 (any natting adress desired)
, and thats all....but, is this really all?? thanx for any help

sorry, think command must be: $IPTABLES -t nat -A PREROUTING -i $IN_ETH (nic of internal lan) -p tcp
--dport 80 -j REDIRECT --to-port 3128

I am not sure if this will suit your requirements, but I currently do this with IPTABLES only.

I have an eth0 and a ppp0, with ip_forward enabled, and iptables set to MASQUERADE, i.e.

iptables -t nat -A POSTROUTING -s <my-other-pc-ip> -o ppp0 -j MASQUERADE

and this will nat all traffic. if you want to give people only HTTP access, you can add a rule to iptables.

this is natting the connection...no, my goal is leaving squid listening on port 3128 as is but having my browsers just with standard-setting and no entry for a proxy-server

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
...thats what i have done now, and nothing else! does anybody knows, whether this is working? all this does is redirecting requests on eth0 from port 80 to 3128....

after long research, i found the following article, which is quite good to
configure squid and iptables to act as proxy server:

http://www.tldp.org/HOWTO/TransparentProxy.html

hope this helps others too!

Cheers,
Roger