[SOLVED] Re: Transparent proxying iptables help needed
Vikram Goyal
vikigoyal at gmail.com
Thu Apr 13 16:30:49 UTC 2006
On Wed, Apr 12, 2006 at 08:55:53PM +0530, Vikram Goyal wrote:
> Hello,
>
> I am trying to port forward all requests to web through squid at port
> 3128. I have dsl connection and my box has statisc ip of 192.168.1.101
> on FC5 and a caching name server on localhost.
Replying to myself. I was able to solve the problem. Pasting the iptables
config to help others.
# -----------------------------------------------------------------
# ADDITION (to the nat table of the FC5 firewall config)
# --------
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:Firewall-1-NAT-O - [0:0]
# All locally generated traffic goes through the custom chain below.
-A OUTPUT -j Firewall-1-NAT-O
# >>>iptables-Squid-Dansguardian<<<
# FOR SQUID AND DANSGUARDIAN
# Transparent proxying. Every rule below matches locally generated
# connections by the uid that owns the socket; first match wins, so
# the order of the rules matters.
# NOT NEEDED -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# NOT NEEDED -A PREROUTING -p tcp --dport 3128 -j REDIRECT --to-ports 8080
# (The LOG rules are left commented out; uncomment one to see the
# matching connections in /var/log/messages with the given prefix.)
# Rule to allow the user squid to access both the Internet and the Squid proxy we set up.
#-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner squid -j LOG --log-prefix "Squid-Accept-80: "
-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
#-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j LOG --log-prefix "Squid-Accept-3128: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
# To exempt a user from filtering: a parent, or here root (so that yum,
# for example, goes straight to Squid).
# ROOT EXEMPTED
# BYPASS DANSGUARDIAN BUT NOT SQUID FOR ROOT
#-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner root -j LOG --log-prefix "Root-redirect-80-to-squid: "
-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner root -j REDIRECT --to-port 3128
#-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j LOG --log-prefix "Root-Accept-3128: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j ACCEPT
# The next command redirects Internet traffic from all users, other
# than squid and any exempt users, to the filter on port 8080:
#-A Firewall-1-NAT-O -p tcp --dport 80 -j LOG --log-prefix "REDIRECT-80-to-8080: "
-A Firewall-1-NAT-O -p tcp --dport 80 -j REDIRECT --to-port 8080
# Redirect connections aimed at Squid to DansGuardian for forced
# content filtering, so users cannot bypass the filter by pointing
# their browser at port 3128 directly.
# (This only works if DansGuardian itself runs as the user squid: its
# onward connection to 3128 then hits the squid ACCEPT rule above. Run
# as any other user it would be caught by this rule and sent back to
# 8080 in a loop.)
#-A Firewall-1-NAT-O -p tcp --dport 3128 -j LOG --log-prefix "REDIRECT-3128-to-8080: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -j REDIRECT --to-port 8080
COMMIT
--
vikram...
--
Put your brain in gear before starting your mouth in motion.
--
Registered Linux User #285795
More information about the fedora-list mailing list
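Added example, not part of the original post and not code from Squid, DansGuardian or Fedora: a small Python model of the owner-match nat OUTPUT chain above. It parses the iptables-save lines as posted, walks the chain for a locally generated TCP connection (uid, destination port) the way the kernel does (first match wins, LOG does not terminate, a jump into Firewall-1-NAT-O falls back to OUTPUT's policy when nothing matches), and then follows each REDIRECT into the local daemon that listens there. The mapping of listening ports to the user each daemon runs as and the port it connects to next, the user name vikram, and the second mapping where the filter runs as its own user are constructed assumptions for illustration; the post says nothing about which user DansGuardian runs as.

```python
# Added example: evaluator for the nat OUTPUT chain from the post (not the post's code).

# The nat OUTPUT rules from the post (commented-out LOG rules dropped).
RULESET = """
*nat
:OUTPUT ACCEPT [0:0]
:Firewall-1-NAT-O - [0:0]
-A OUTPUT -j Firewall-1-NAT-O
-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 80 -m owner --uid-owner root -j REDIRECT --to-port 3128
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 80 -j REDIRECT --to-port 8080
-A Firewall-1-NAT-O -p tcp --dport 3128 -j REDIRECT --to-port 8080
COMMIT
"""

# Constructed model of the local listeners: port -> (user the daemon runs as,
# port it connects to next).  8080 is DansGuardian, which forwards to Squid on
# 3128; Squid fetches from origin servers on port 80.
DAEMONS_OK = {8080: ("squid", 3128), 3128: ("squid", 80)}
# Same host, but with the filter running as its own user (hypothetical).
DAEMONS_LOOP = {8080: ("dansguardian", 3128), 3128: ("squid", 80)}

TERMINATING = {"ACCEPT", "DROP", "REJECT", "REDIRECT", "DNAT", "SNAT", "MASQUERADE"}


def parse_rules(text):
    """Parse iptables-save text into (chain policies, list of rule dicts).
    Only the matches this ruleset uses are understood: --dport, --uid-owner,
    -j and --to-port(s).  '*table', 'COMMIT' and comment lines are skipped."""
    policies, rules = {}, []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].startswith(":"):          # ':CHAIN POLICY [pkts:bytes]'
            policies[tokens[0][1:]] = tokens[1]
        elif tokens[0] == "-A":
            def opt(flag):
                return tokens[tokens.index(flag) + 1] if flag in tokens else None
            dport, to_port = opt("--dport"), opt("--to-port") or opt("--to-ports")
            rules.append({"chain": tokens[1],
                          "dport": int(dport) if dport else None,
                          "uid": opt("--uid-owner"),
                          "target": opt("-j"),
                          "to_port": int(to_port) if to_port else None})
    return policies, rules


def verdict(ruleset, uid, dport, chain="OUTPUT"):
    """Walk `chain` for a locally generated TCP connection; first match wins.
    Returns (target, to_port).  Falling off a built-in chain yields its policy;
    falling off a user chain returns None so the caller keeps going."""
    policies, rules = ruleset
    for r in rules:
        if r["chain"] != chain:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["uid"] is not None and r["uid"] != uid:
            continue
        if r["target"] == "RETURN":
            return None
        if r["target"] == "LOG":
            continue                           # LOG is non-terminating
        if r["target"] in TERMINATING:
            return r["target"], r["to_port"]
        sub = verdict(ruleset, uid, dport, r["target"])   # jump to user chain
        if sub is not None:
            return sub
    policy = policies.get(chain, "-")
    return None if policy == "-" else (policy, None)


def trace(ruleset, uid, dport, daemons, max_hops=10):
    """Follow one connection hop by hop through the local daemons.
    Returns the local ports it lands on, ending in 'origin' (packet leaves the
    host), 'dropped', or 'loop' when the same (uid, dport) comes around again,
    i.e. the chain redirects a daemon's own upstream connection back to itself."""
    path, seen = [], set()
    while len(path) < max_hops:
        if (uid, dport) in seen:
            path.append("loop")
            return path
        seen.add((uid, dport))
        target, to_port = verdict(ruleset, uid, dport)
        if target in ("DROP", "REJECT"):
            path.append("dropped")
            return path
        final_port = to_port if target == "REDIRECT" else dport
        if final_port not in daemons:
            path.append("origin")
            return path
        path.append(final_port)
        uid, dport = daemons[final_port]       # the daemon's next connection
    path.append("loop")
    return path


RULES = parse_rules(RULESET)

if __name__ == "__main__":
    for user, port in (("vikram", 80), ("root", 80), ("squid", 80),
                       ("vikram", 3128), ("vikram", 443)):
        print(f"{user:>8} -> :{port:<5} {trace(RULES, user, port, DAEMONS_OK)}")
    print("filter as its own user:", trace(RULES, "vikram", 80, DAEMONS_LOOP))
```

Two things the trace makes visible that the ruleset alone does not: a connection from any other user to port 443 gets the OUTPUT policy and leaves the host untouched, so this setup filters plain HTTP only; and with the filter running as a user other than squid, its own connection to 3128 is redirected back to 8080 and never reaches Squid.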