Quote:
Originally Posted by davimint
slimm609,
I was under the impression that if I used iptables correctly to redirect port 80 to 3128, which is the squid port, it would work in transparent mode. Any ideas on whether that is possible?
Thanks again.
Sorry, my English is not good, but I'll try.
You are using iptables to redirect traffic to squid, but this command:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
will not redirect local traffic (generated by a local process) to squid, because squid is a local process too. The PREROUTING chain is placed after the network interface, but before local processes. But you need to redirect traffic from a local process (the browser) to a local process (squid). You can do this by setting the proxy settings in your browser. Or you can try to redirect the traffic with this:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
All requests to port 80 will go to port 3128 on the local machine. But that is not all. If you do so, all requests from squid to port 80 will go back to squid on port 3128. And it will be a cycle.
You will need to think about the ports that squid uses to send requests. If the browser, for example, sends requests from local ports 1000-2000, but squid uses another range of ports for this, let it be, for example, 5000-10000, you can use this to split the requests like this:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m multiport --sports 1000:2000 -j REDIRECT --to-port 3128
I'm not sure that the browser and squid use different ports to send requests, but you can try.
In short, your trouble is in iptables.
For complete information on iptables, you're better off going here: http://iptables-tutorial.frozentux.net/
Hope I was useful.
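
The redirect loop described in the reply above can also be avoided by matching on the process owner instead of the source port. This is an added example, not part of the original post: it assumes Squid runs as an account named "squid" (hypothetical) on port 3128, and the function names are made up for illustration. It emits the OUTPUT rules in a safe order and checks rule text for an unguarded OUTPUT redirect.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Squid runs as the
# account "squid" (hypothetical name) and listens on 3128 as in the post.
SQUID_USER="${SQUID_USER:-squid}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print nat rules for a browser and Squid on the same host. Order matters:
# Squid's own requests leave the chain before the REDIRECT can catch them.
squid_local_rules() {
    echo "-A OUTPUT -p tcp --dport 80 -m owner --uid-owner $SQUID_USER -j RETURN"
    echo "-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Read rule text on stdin ("-A CHAIN ...", account given by name) and return 0
# only if every OUTPUT REDIRECT to the proxy port is guarded: an earlier rule
# exempts the Squid account, or the rule itself carries "! --uid-owner".
output_redirect_is_guarded() {
    awk -v user="$SQUID_USER" -v port="$SQUID_PORT" '
        $1 == "-A" && $2 == "OUTPUT" {
            owner    = (index($0, "--uid-owner " user) > 0)
            negated  = (index($0, "! --uid-owner " user) > 0)
            redirect = (($0 ~ /-j REDIRECT/) && ($0 ~ ("--to-ports? " port "( |$)")))
            if (owner && !negated && ($0 ~ /-j (RETURN|ACCEPT)/)) exempt = 1
            if (redirect && !exempt && !negated) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Print the commands when DRY_RUN=1 (the default); apply them otherwise.
apply_squid_local_rules() {
    squid_local_rules | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -t nat $rule"
        else
            # Word splitting of $rule into arguments is intended here.
            iptables -t nat $rule
        fi
    done
}
```

Run `apply_squid_local_rules` with `DRY_RUN=0` as root to install the rules; the default only prints them for review.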