[SOLVED] Re: Transparent proxying iptables help needed

Vikram Goyal vikigoyal at gmail.com
Thu Apr 13 16:30:49 UTC 2006


On Wed, Apr 12, 2006 at 08:55:53PM +0530, Vikram Goyal wrote:
> Hello,
> 
> I am trying to port forward all requests to the web through squid at port
> 3128. I have a dsl connection and my box has a static ip of 192.168.1.101
> on FC5 and a caching name server on localhost.

Replying to myself. I was able to solve the problem. Pasting iptables
config to help others.

# -----------------------------------------------------------------
# ADDITION
# --------
# nat table only: these rules rewrite destinations, they do not filter.
# Everything hangs off OUTPUT in a custom chain, so only connections
# generated on this box are affected ("-m owner" is only valid in the
# OUTPUT and POSTROUTING chains, which is why no PREROUTING rules are
# needed). Rules are first-match, so the order below matters.
*nat
:PREROUTING  ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT      ACCEPT [0:0]
:Firewall-1-NAT-O - [0:0]
-A OUTPUT -j Firewall-1-NAT-O

# >>>iptables-Squid-Dansguardian<<<
# FOR SQUID AND DANSGUARDIAN
# Transparent proxying
# NOT NEEDED -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# NOT NEEDED -A PREROUTING -p tcp --dport 3128 -j REDIRECT --to-ports 8080
# Rule to allow the user squid to access both the Internet and the Squid proxy we set up.
# These must come first: without them Squid's own outbound port-80 fetches would
# hit the catch-all REDIRECT below and be sent back into DansGuardian in a loop.
# DansGuardian has to run as the squid user as well (daemonuser in
# dansguardian.conf); otherwise its own connection to Squid on 3128 is caught
# by the last rule in this chain and redirected back to 8080.
#-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner squid -j LOG --log-prefix "Squid-Accept-80: "
-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner squid -j ACCEPT
#-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j LOG --log-prefix "Squid-Accept-3128: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT

# To exempt from filtering: a parent (root, for yum for example)
# ROOT EXEMPTED
# BYPASS DANSGUARDIAN BUT NOT SQUID FOR ROOT
#-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner root -j LOG --log-prefix "Root-redirect-80-to-squid: "
-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner root -j REDIRECT --to-ports 3128
#-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j LOG --log-prefix "Root-Accept-3128: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j ACCEPT

# The next command redirects Internet traffic from all users, other
# than squid and any exempt users, to the filter on port 8080:
#-A Firewall-1-NAT-O -p tcp --dport 80   -j LOG --log-prefix "REDIRECT-80-to-8080: "
-A Firewall-1-NAT-O -p tcp --dport 80   -j REDIRECT --to-ports 8080

# Redirect direct connections to squid (3128) to dansguardian for forced
# content filtering, so pointing a browser at the proxy port does not skip
# the filter.
#-A Firewall-1-NAT-O -p tcp --dport 3128 -j LOG --log-prefix "REDIRECT-3128-to-8080: "
-A Firewall-1-NAT-O -p tcp --dport 3128 -j REDIRECT --to-ports 8080
# Only ports 80 and 3128 are touched: HTTPS (443) and any other port leave
# the box unproxied and unfiltered.
COMMIT
-- 
vikram...
         ||||||||
         ||||||||
^^'''''^^||root||^^^'''''''^^
        // \\   ))
       //(( \\// \\
      // /\\ ||   \\
     || / )) ((    \\
-- 
Put your brain in gear before starting your mouth in motion.
-- 
 O
~|~
 =
Registered Linux User #285795
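As an added example, not part of the original post or of any Squid/DansGuardian code: a small Python simulator of the first-match walk through the nat OUTPUT chain above. It parses the rule lines in the iptables-restore syntax the post uses (only the options the post uses) and follows a locally generated TCP connection from daemon to daemon, so you can check why the rule order matters, that pointing a browser straight at 3128 still lands in DansGuardian, that root bypasses DansGuardian but not Squid, that port 443 is untouched, and what happens if DansGuardian is not running as the squid user. The daemon table (which uid each daemon runs as and which port it connects to upstream) and the user name "vikram" are constructed assumptions for the walk-through, not facts stated in the post.

```python
"""First-match walk through the nat OUTPUT chain from the post.

Added example, not code from the original post.  Parses the subset of
iptables-restore syntax the post uses (-p tcp, --dport, -m owner
--uid-owner, -j ACCEPT / REDIRECT / LOG) and follows a locally generated
TCP connection from daemon to daemon.  The daemon table below (which uid
each daemon runs as, which port it connects to upstream) is an assumption
made for this walk-through, not something the post states.
"""
import shlex

# The chain as posted (one LOG rule left commented out, as in the post).
RULES_TEXT = """
#-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner squid -j LOG --log-prefix "Squid-Accept-80: "
-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner squid -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 80   -m owner --uid-owner root -j REDIRECT --to-ports 3128
-A Firewall-1-NAT-O -p tcp --dport 3128 -m owner --uid-owner root -j ACCEPT
-A Firewall-1-NAT-O -p tcp --dport 80   -j REDIRECT --to-ports 8080
-A Firewall-1-NAT-O -p tcp --dport 3128 -j REDIRECT --to-ports 8080
"""

# Assumed local daemons: port -> (name, uid it runs as, upstream port it opens).
# Squid fetches from the Internet on 80; DansGuardian hands off to Squid on 3128.
LISTENERS_OK = {
    8080: ("dansguardian", "squid", 3128),   # daemonuser = 'squid' (assumed)
    3128: ("squid", "squid", 80),
}
# Same box, but DansGuardian left running under its own uid.
LISTENERS_BAD = {
    8080: ("dansguardian", "dansguardian", 3128),
    3128: ("squid", "squid", 80),
}


def parse_rules(text):
    """Turn '-A chain ... -j TARGET' lines into dicts; '#' lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        argv = shlex.split(line)
        rule = {"dport": None, "uid": None, "target": None, "to_port": None}
        i = 0
        while i < len(argv):
            opt = argv[i]
            if opt == "--dport":
                rule["dport"] = int(argv[i + 1])
            elif opt == "--uid-owner":
                rule["uid"] = argv[i + 1]
            elif opt == "-j":
                rule["target"] = argv[i + 1]
            elif opt in ("--to-ports", "--to-port"):   # iptables accepts both
                rule["to_port"] = int(argv[i + 1])
            else:
                i += 1          # -A chain, -p tcp, -m owner: irrelevant here
                continue
            i += 2
        rules.append(rule)
    return rules


def first_match(rules, uid, dport):
    """First terminating rule for a local connection; chain policy if none."""
    for r in rules:
        if r["dport"] != dport:
            continue
        if r["uid"] is not None and r["uid"] != uid:
            continue
        if r["target"] == "LOG":
            continue            # LOG is non-terminating: keep walking
        return r["target"], r["to_port"]
    return "ACCEPT", None       # end of custom chain: OUTPUT policy ACCEPT


def trace(rules, uid, dport, listeners, max_hops=6):
    """Daemons a connection passes through, ending in 'internet' or 'LOOP'."""
    path = []
    for _ in range(max_hops):
        target, to_port = first_match(rules, uid, dport)
        if target == "REDIRECT":
            dport = to_port     # REDIRECT in OUTPUT -> 127.0.0.1:to_port
        if dport not in listeners:
            path.append("internet")   # nothing local listens: leaves the box
            return path
        daemon, daemon_uid, upstream = listeners[dport]
        if daemon in path:
            path.append("LOOP")       # redirected back into a daemon we left
            return path
        path.append(daemon)
        uid, dport = daemon_uid, upstream   # follow the daemon's own connection
    path.append("LOOP")
    return path


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for who, port in (("vikram", 80), ("vikram", 3128), ("root", 80),
                      ("squid", 80), ("vikram", 443)):
        print("%-7s :%-4d -> %s" % (who, port,
                                   " -> ".join(trace(rules, who, port, LISTENERS_OK))))
    print("dansguardian not running as squid:",
          " -> ".join(trace(rules, "vikram", 80, LISTENERS_BAD)))
```

Run it as-is to print the walk for each case. The loop case is the one worth remembering: the chain's last rule catches every connection to 3128 that is not owned by squid or root, so a DansGuardian process under any other uid ends up redirected to itself.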




More information about the fedora-list mailing list