Iptables – How To Route All HTTP Traffic from eth1 to the Squid Proxy? The Iptable rules

Tags: iptables, proxy, squid, transparent-proxy

I have just set up a Squid proxy server. The server has two interfaces: eth0 connects to the router and eth1 is connected to a switch where all the other machines connect. The server also has a DHCP server. I have set up Squid3 on the machine, and when I configure my browser to use that proxy (in network settings, if I set the IP and the port), things work. But I need it as a transparent proxy, where I don't have to set up the browser and all the requests will pass through the proxy.

It can be done by just setting the iptables rules right? Some articles talk about changing sysctl.conf. I have tried the iptables rules from a lot of tutorials and none worked. Please give me a working rule to add. Thank you.

PS: The server is Ubuntu 12.10

PS2: If you can, please tell me how to add those rules for ufw

Best Answer

You should change the following to match your configuration:

eth1: LAN interface
eth0: WAN interface
Squid port: 8028

Below are the settings for Squid in transparent mode.

# NAT: masquerade everything leaving via the WAN interface and allow
# forwarding of packets that arrive from the LAN
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

# Redirect
# Connections the LAN sends straight to the Squid port are bounced to port 80 on this host
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8028 -j REDIRECT --to-port 80
# Send LAN web traffic (port 80) into Squid; the next two rules are alternatives,
# use one of them: DNAT to the proxy's own address (replace IPaddress with the
# server's eth1 IP), or REDIRECT, which targets the local machine without an address
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to IPaddress:8028
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8028
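As an added example (not the answer's own rules), here is a small POSIX shell script that generates the complete rule set the answer describes, including the `ip_forward` sysctl the question asks about, plus the matching `*nat` block for `/etc/ufw/before.rules` that the PS2 asks for. The interface names `eth1`/`eth0` and port `8028` are taken from the answer; the function names, the `--apply`/`--ufw` options and the `LAN_IF`/`WAN_IF`/`SQUID_PORT` variables are my own. It assumes `squid.conf` contains `http_port 8028 intercept` (Squid 3.1 and later), since Squid refuses intercepted connections on a plain `http_port`.

```shell
#!/bin/sh
# Added example: build (and optionally apply) iptables rules for a transparent
# Squid proxy. Defaults match the answer above; override via the environment.
LAN_IF="${LAN_IF:-eth1}"          # interface facing the clients (assumption: eth1)
WAN_IF="${WAN_IF:-eth0}"          # interface facing the router (assumption: eth0)
SQUID_PORT="${SQUID_PORT:-8028}"  # port Squid listens on with "intercept"

# Print the commands in the order they must run. Only port 80 is redirected:
# HTTPS cannot be intercepted this way, and redirecting in OUTPUT would loop
# Squid's own outbound requests back into Squid, so PREROUTING on the LAN
# interface is the only place the REDIRECT rule belongs.
transparent_proxy_rules() {
    lan="$1"; wan="$2"; port="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $port
iptables -A INPUT -i $lan -p tcp --dport $port -j ACCEPT
EOF
}

# Same NAT rules in the syntax ufw expects: paste this block into
# /etc/ufw/before.rules above the existing "*filter" line, set
# DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw and
# net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf, then "ufw reload".
ufw_nat_block() {
    lan="$1"; wan="$2"; port="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $port
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

case "${1:-}" in
    --apply) transparent_proxy_rules "$LAN_IF" "$WAN_IF" "$SQUID_PORT" | sh -e ;;  # needs root
    --ufw)   ufw_nat_block "$LAN_IF" "$WAN_IF" "$SQUID_PORT" ;;
    *)       transparent_proxy_rules "$LAN_IF" "$WAN_IF" "$SQUID_PORT" ;;            # dry run
esac
```

Run it without arguments first to review the commands, then `sudo sh transparent-squid.sh --apply`; `--ufw` prints the block for `before.rules`. Because the rules are not saved by iptables itself, put the script (or the ufw variant) somewhere that runs at boot, and verify with `iptables -t nat -L PREROUTING -n -v` that the REDIRECT counter increases when a client fetches a plain-HTTP page.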