[squid-users] Transparent Proxy
John Sayce
jsayce at asdlighting.com
Wed Sep 7 08:51:49 UTC 2016
I believe so. The specific command I used was:
iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT --to-port 3128
(For some reason my adapter is ens33, I have no idea why it's not eth0. Squid is set to run on 3128.)
And after running this command port 80 now shows as being open with nmap.
And the output from iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
It's fair to say I have almost no experience with iptables. Is it iptables that should be doing the address translation? when the packet is sent back to the client?
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Antony Stone
Sent: 07 September 2016 09:28
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
On Wednesday 07 September 2016 at 10:23:02, John Sayce wrote:
> I'm trying to set up a transparent proxy but I'm fairly sure I'm
> missing something.
>
> I've followed the instructions on the juniper website along with a
> couple of other blogs as per:
> https://damn.technology/using-squid-juniper-pbr-transparent-proxy
You *have* applied the iptables rule on the machine running squid as described on that page, yes?
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port
3128
Antony.
--
This email was created using 100% recycled electrons.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list