ochienged |
06-02-2009 03:34 AM |
Forcing HTTP requests through Squid Proxy Server (Transparent proxying)
I am configuring a transparent proxy using iptables and Squid version 2.6 stable on a CentOS 5.2 box. The following are my results:
Quote:
On configuring proxy settings in the browsers, the desired results are achieved. However, on removing them, the requests time out.
The problem is that this is not the desired design; HTTP requests should be directed to Squid without the need to configure the clients' browsers. This is what I have done:
1) Made Squid listen on the default port.
Quote:
http_port 3128 transparent
2) Configured my iptables as below:
Quote:
# Generated by iptables-save v1.3.5 on Thu May 28 15:27:35 2009
*mangle
:PREROUTING ACCEPT [14769:1931153]
:INPUT ACCEPT [14672:1900365]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6115:893955]
:POSTROUTING ACCEPT [6427:965079]
COMMIT
# Completed on Thu May 28 15:27:35 2009
# Generated by iptables-save v1.3.5 on Thu May 28 15:27:35 2009
*filter
:INPUT ACCEPT [14672:1900365]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6115:893955]
-A INPUT -s ! 192.168.0.101 -d 0.0.0.0 -i eth0 -p tcp -m tcp -j ACCEPT
-A FORWARD -s 192.168.0.0 -d ! 192.168.0.101 -i eth0 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp -j ACCEPT
COMMIT
# Completed on Thu May 28 15:27:35 2009
# Generated by iptables-save v1.3.5 on Thu May 28 15:27:35 2009
*nat
:PREROUTING ACCEPT [220:23170]
:POSTROUTING ACCEPT [116:18308]
:OUTPUT ACCEPT [116:18308]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.0.0 -i eth0 -j DNAT --to-destination 192.168.0.101
COMMIT
# Completed on Thu May 28 15:27:35 2009
Kindly note that the proxy server and the iptables are on the same box.
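An added example, not part of the original post: a small Python check that reads an `iptables-save` dump like the one above and reports three things worth verifying for a same-box intercepting proxy: whether port 80 is redirected to Squid's port, whether any `-s`/`-d` match is a network address written without a mask (iptables treats that as a single host), and whether the nat table source-NATs forwarded traffic. The function names are hypothetical, the sample is trimmed from the post, and the last check assumes `ppp0` is the Internet uplink and that clients send their own DNS queries through this box.

```python
import re

# Trimmed from the dump in the post (counters and comment lines dropped).
SAMPLE = """\
*filter
-A FORWARD -s 192.168.0.0 -d ! 192.168.0.101 -i eth0 -j ACCEPT
COMMIT
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.0.0 -i eth0 -j DNAT --to-destination 192.168.0.101
COMMIT
"""

def parse_rules(dump):
    """Return (table, rule_text) for every -A line of an iptables-save dump."""
    table, rules = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            rules.append((table, line))
    return rules

# -s/-d, an optional "!", then an address ending in .0 with no /mask after it.
HOST_ONLY_NET = re.compile(r"-([sd]) (?:! )?(\d+\.\d+\.\d+\.0)(?![\d/.])")

def audit(dump, squid_port=3128):
    """Return a list of findings for a same-box intercepting-proxy ruleset."""
    rules, findings = parse_rules(dump), []
    nat = [r for t, r in rules if t == "nat"]
    redirect = re.compile(r"--dport 80\b.*-j REDIRECT --to-ports %d\b" % squid_port)
    if not any(redirect.search(r) for r in nat):
        findings.append("no-redirect: nothing sends port 80 to %d" % squid_port)
    for t, r in rules:
        for flag, addr in HOST_ONLY_NET.findall(r):
            findings.append("host-only: %s table, -%s %s has no mask, so it "
                            "matches one address, not the subnet" % (t, flag, addr))
    # Assumption: clients sit on private addresses behind this box.
    if not any(re.search(r"-A POSTROUTING .*-j (MASQUERADE|SNAT)\b", r) for r in nat):
        findings.append("no-snat: no MASQUERADE/SNAT in nat POSTROUTING; check "
                        "that forwarded client traffic such as DNS can return")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```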