Iptables – Local transparent proxy with squid and dansguardian


I am having trouble setting up a local web cache and filtering system using squid and dansguardian.

It works perfectly when the browser is configured to use the proxy box's IP (192.168.1.2) but I cannot create a working transparent setup – using iptables on the default gateway to redirect all port 80 traffic (except traffic from the proxy) to the proxy box.

I am using the mangle iptable to mark these packets, and I have an ip rule that routes them using a separate routing table, with only one entry, a default route to the proxy box.

How can I troubleshoot this? I guess my question is twofold: how can I follow packets of interest through iptables to see what happens to them, and what am I doing wrong with regard to my proxy setup?

Best Answer

The following howto shows an example of transparent "intercept" redirection for Squid + an arbitrary ICAP server using CentOS 7 with firewalld: http://docs.diladele.com/tutorials/transparently_filtering_https_centos/index.html. Actually, the extended HTTP/HTTPS commands are just plain iptables rules, so it will be helpful in your situation. The problem with DG is that it does not support ICAP, but I am sure it can be configured as a parent proxy for Squid.
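
The mark-and-route setup described in the question, together with a way to follow packets through the tables, as an added example that is not part of the original question or answer. The interface `eth0`, mark `1`, table `100`, filter port `8080` and client address `192.168.1.50` are assumptions; the script only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for each box.
PROXY_IP=192.168.1.2     # proxy box address, from the question
LAN_IF=eth0              # assumption: gateway's LAN-facing interface
MARK=1                   # assumption: any otherwise unused fwmark
TABLE=100                # assumption: any otherwise unused routing table id
FILTER_PORT=8080         # assumption: port DansGuardian listens on
TEST_CLIENT=192.168.1.50 # constructed LAN client address for the route check

# Gateway: mark LAN port-80 traffic that does not come from the proxy,
# then route marked packets through a table whose only entry is the proxy.
gateway_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF ! -s $PROXY_IP -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $PROXY_IP dev $LAN_IF table $TABLE
EOF
}

# Proxy box: routed packets still carry the web server's destination address,
# so they must be redirected to the local filter port or nothing accepts them.
proxy_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT
EOF
}

# Either box: TRACE in the raw table records each table, chain and rule a
# matching packet passes (kernel log, or "xtables-monitor --trace" on nft builds).
trace_rules() {
    cat <<EOF
iptables -t raw -A PREROUTING -p tcp --dport 80 -j TRACE
EOF
}

# Gateway, read-only: rule hit counters, policy rule, table contents, and the
# route the kernel would pick for a marked packet (192.0.2.1 is a test address).
verify_cmds() {
    cat <<EOF
iptables -t mangle -L PREROUTING -v -n
ip rule show
ip route show table $TABLE
ip route get 192.0.2.1 from $TEST_CLIENT iif $LAN_IF mark $MARK
EOF
}

echo "# --- gateway ---";   gateway_rules
echo "# --- proxy box ---"; proxy_rules
echo "# --- tracing ---";   trace_rules
echo "# --- verify ---";    verify_cmds
```

If the mangle rule's packet counter stays at zero the mark is never set; if `ip route get` does not answer with `via 192.168.1.2` the policy rule or table is wrong. Remove the TRACE rule once done, since it logs every matching packet.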