Re: squid + transparent proxying + ssl prots ?
> yip that sounds correct do you have an example for me ? of how to forward
> from my internal nic to the gateway nic ?
> Thanks a stack
> >> Hi.
> >> Please can someone advise how to setup squid to transparently proxy
> >> ports, it's currently proxying http with no problem..
> >> Many thanks
> >> Gregory Machin
> > It sounds like what you need is masquerading or possibly port
> > I
> > manage a squid proxy for my company but no other connections are
> > Instead we use a machine as an internet gateway and use masquerading to
> > route SSH connections off the local private subnet to the internet.
> > organizations do this. One way to do this is with iptables. Let me
> > if
> > you'd like some examples.
> > <|>/\\/|<|>
Hmm. Looks like some lines were wrapped in my last post. Here's the script
again as an attachment.
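IPTABLES=iptables # Assumed: the iptables binary is on PATH; use a full path if it is not
INT=eth0 # Name of the internal lan side network card
EXT=eth1 # Name of the external internet side network card
LOCALNET=192.168.0.0/24 # Placeholder: replace with your internal subnet in CIDR form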
# Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# This clears existing rules and sets default policies
# These policies assume you have a firewall between the gateway and the internet
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# Masquerading rules
$IPTABLES -A FORWARD -i $EXT -o $INT -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INT -o $EXT -s $LOCALNET -j ACCEPT
# Perform actual masquerading in postrouting
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
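
An added example, not part of the original post: a check that reads `iptables-save` output and reports whether the loaded rules match what the script above intends (FORWARD default DROP, stateful return traffic, MASQUERADE on the external card). The function names and the sample dump are constructed for illustration; eth0, eth1 and 192.168.0.0/24 are assumed values.

```shell
#!/bin/sh
# Constructed sample: roughly what iptables-save shows after the gateway script
# runs with INT=eth0, EXT=eth1 and a placeholder LOCALNET of 192.168.0.0/24.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.0.0/24 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# audit_gateway EXT: read an iptables-save dump on stdin, print one finding per line.
# FAIL = the rule set does not do what the script intends; WARN = hardening gap.
audit_gateway() {
  awk -v ext="$1" '
    /^\*/ { table = substr($0, 2) }                      # track current table
    table == "filter" && /^:FORWARD / { fwd = $2 }       # default policies
    table == "filter" && /^:INPUT /   { inp = $2 }
    table == "nat" && /-j MASQUERADE/ && index($0, "-o " ext " ") {
      masq = 1; if ($0 !~ / -s /) open_masq = 1 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ && index($0, "-i " ext " ") {
      if ($0 !~ /--state/ && $0 !~ /--ctstate/) stateless = 1 }
    END {
      if (fwd != "DROP") print "FAIL forward-policy: FORWARD default is " fwd
      if (!masq)         print "FAIL no-masquerade: no MASQUERADE rule on " ext
      if (stateless)     print "FAIL stateless-inbound: traffic entering on " ext " is forwarded without a state match"
      if (open_masq)     print "WARN masq-any-source: MASQUERADE on " ext " has no -s restriction"
      if (inp == "ACCEPT") print "WARN input-accept: INPUT default is ACCEPT; depends on an upstream firewall"
    }'
}
```

On a live gateway, run it as `iptables-save | audit_gateway eth1`; for the sample dump it reports the two WARN lines and no FAIL.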