Transparent Proxy Squid with internal and external network

Tags: external-connection, squid, transparent-proxy

I have a network set up like this, with an external and an internal network.

I have successfully got Squid running as a proxy for the internal browser, and now I want to set it up as a transparent proxy, but I'm having some problems.

[network diagram: THIS IS MY NETWORK]

First, I changed the config to "http_port 8080 intercept", but I'm having trouble setting up the correct iptables rules on the external server, as the packets are not getting back to the Squid box.

iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE   # enp0s3 is the NAT (external) interface
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 80 -j DNAT --to-destination 10.10.1.254:8080
iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 80 -j REDIRECT --to-port 8080

This is as far as I got, and the internet works fine on the internal PC, but I'm not sure how to redirect HTTP port 80 packets to the Squid box (10.10.1.254:8080).

Best Answer

If your Squid runs on the default gateway (intercept ports 3126 and 3127), then the following iptables commands redirect HTTP/HTTPS traffic from within your LAN into the Squid instance.

# redirect HTTP to locally installed Squid instance
-A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT --to-ports 3126

# redirect HTTPS to locally installed Squid instance
-A PREROUTING -i ens33 -p tcp --dport 443 -j REDIRECT --to-ports 3127

Taken from the "Transparent HTTPS filtering using Squid" tutorial at https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
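The answer's approach as an added shell helper (not code from the answer or the linked tutorial): it emits the two REDIRECT rules for a given LAN interface and intercept ports, can dry-run or apply them, and verifies from an iptables-save dump that both landed in the nat table. The interface and port defaults (ens33, 3126, 3127) are taken from the answer, and the iptables-save excerpt at the end is constructed for the self-check.

```shell
#!/bin/sh
# Added example (not code from the original answer or the linked tutorial).
# Builds the nat PREROUTING redirects for a Squid box that is also the LAN
# default gateway, can apply them, and checks an iptables-save dump for them.
# Assumptions: the interface name and intercept ports are parameters whose
# defaults follow the answer above (ens33, 3126 for HTTP, 3127 for HTTPS).

squid_redirect_rules() {
    lan_if="${1:-ens33}"; http_port="${2:-3126}"; https_port="${3:-3127}"
    # REDIRECT rewrites the destination to this host, so the reply path is the
    # same as the request path; no DNAT to a different machine is involved.
    echo "-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $http_port"
    echo "-A PREROUTING -i $lan_if -p tcp --dport 443 -j REDIRECT --to-ports $https_port"
}

# apply_squid_redirects [dry-run|apply] [lan_if] [http_port] [https_port]
# "apply" runs iptables (root required); anything else just prints the commands.
apply_squid_redirects() {
    mode="${1:-dry-run}"
    if [ $# -gt 0 ]; then shift; fi
    squid_redirect_rules "$@" | while IFS= read -r rule; do
        if [ "$mode" = apply ]; then
            # shellcheck disable=SC2086  # word splitting of the rule is intended
            iptables -t nat $rule
        else
            echo "iptables -t nat $rule"
        fi
    done
}

# check_squid_redirects [lan_if] [http_port] [https_port] < iptables-save-dump
# Returns 0 when both redirects are present in the *nat table, 1 otherwise.
# iptables-save writes "-p tcp -m tcp --dport", so the implicit match module is
# stripped before comparing against the generated rules.
check_squid_redirects() {
    nat=$(sed -n '/^\*nat$/,/^COMMIT$/p' | sed 's/ -m tcp / /')
    squid_redirect_rules "$@" | while IFS= read -r rule; do
        printf '%s\n' "$nat" | grep -Fxq -- "$rule" || exit 1
    done
}

# Constructed iptables-save excerpt (not a real capture) used for a self-check.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ens33 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3126
-A PREROUTING -i ens33 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
-A POSTROUTING -o ens34 -j MASQUERADE
COMMIT'
printf '%s\n' "$SAMPLE_DUMP" | check_squid_redirects && echo "both redirects present in *nat"
```

On a live box, `iptables-save | check_squid_redirects` confirms the rules took effect, and `apply_squid_redirects apply enp0s8` would install them for the question's internal interface once Squid itself is running on that gateway.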