#1
On my RHAS3 I have 2 NICs, one connected to internet with real IP and the other connected to my local LAN.

With some gentle help from this group I have managed to set up the required iptables rule

    iptables -t nat -A POSTROUTING -s localNet/LocalMask -o eth0 -j SNAT --to-source realIP_of_my_RH

on this server so that my RH now acts as a gateway/nat/router for my local workstations reaching internet.

I even managed to configure a DHCP server for distributing local IPs.

I even managed issuing the appropriate iptables commands (listed below) so that all the traffic of different real IPs would be forwarded directly to separate local IPs, allowing my local servers within NAT to provide service to internet outside users, individually.

***************************************
    ifconfig eth0:0 secondary_real_IP and_its_mask
    iptables -t nat -A PREROUTING -d secondary_real_IP -j DNAT --to local_IP
    iptables -t nat -A POSTROUTING -s local_IP -j SNAT --to secondary_real_IP
***************************************

I have also managed to install squid (2.5.STABLE9-20050321) and configure it to act as a cache-server for the local clients.

What I want to do now is to configure my gateway to act as a transparent-caching-proxy for the internal clients, so that no one would have to modify their own web-browsers for proxy settings.

After reading, I have issued the command

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

from the site http://www.tldp.org/HOWTO/TransparentProxy.html but with no success.

Thanks for any kind of help.

Regards.

Sanal Kisi
#2
Sanal Kisi wrote:
> After reading, I have issued the command
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
>
> from the site http://www.tldp.org/HOWTO/TransparentProxy.html but with
> no success.

Have you done the part of this document called Setting up squid?
If you don't configure squid as a transparent proxy it won't work.

> Thanks for any kind of help.
>
> Regards.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
#3
Sorry for bothering.

My mistake was using the wrong eth name within the command

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Everything works just fine now.

Thanks anyway.

On Tue, 22 Mar 2005 16:37:01 +0100, Jose Maria Lopez Hernandez <(E-Mail Removed)> wrote:

>Sanal Kisi wrote:
>> After reading, I have issued the command
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 3128
>>
>> from the site http://www.tldp.org/HOWTO/TransparentProxy.html but with
>> no success.
>
>Have you done the part of this document called Setting up squid?
>If you don't configure squid as a transparent proxy it won't work.
>
>> Thanks for any kind of help.
>>
>> Regards.
>
>Regards.
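Added example, not part of the thread: post #3 traces the failure to the interface name in the REDIRECT rule, which in post #1 is the same eth0 that the SNAT rule uses as its Internet-facing `-o` interface, so it matches traffic arriving from outside rather than from the LAN clients. The sketch below lints rule lines in `-A CHAIN ...` form for that mismatch; the function name, the addresses and eth1 as the LAN interface are assumptions, since the thread does not name the LAN side.

```sh
#!/bin/sh
# lint_redirect: read NAT rule lines on stdin, print one finding per
# PREROUTING REDIRECT rule that is bound to an Internet-facing interface
# (or to no interface at all). Returns 1 if anything was flagged, else 0.
lint_redirect() {
    awk '
    # Value following option "opt" on the current line, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    { line[NR] = $0 }
    # An interface named by -o in a SNAT/MASQUERADE rule faces the Internet.
    /-A POSTROUTING/ && /-j (SNAT|MASQUERADE)/ {
        o = optval("-o"); if (o != "") wan[o] = 1
    }
    END {
        bad = 0
        for (n = 1; n <= NR; n++) {
            $0 = line[n]
            if ($0 !~ /-A PREROUTING/ || $0 !~ /-j REDIRECT/) continue
            ifc = optval("-i")
            if (ifc == "") { print "NO-IFACE: " $0; bad = 1 }
            else if (ifc in wan) { print "WAN-IFACE(" ifc "): " $0; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample input: the thread rules with placeholder addresses.
# eth0 is the Internet side (from post #1); eth1 as LAN side is an assumption.
BROKEN='-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128'
FIXED='-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128'

printf '%s\n' "$BROKEN" | lint_redirect || echo "broken rule set flagged"
printf '%s\n' "$FIXED" | lint_redirect && echo "fixed rule set clean"
```

A rule with no `-i` at all is flagged too, because it redirects port 80 traffic arriving on every interface, including the Internet-facing one, to Squid.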