
[SOLVED] Re: Transparent proxy - forwarding does not work



Alex Samad wrote:
> On Tue, Jan 15, 2008 at 08:11:34AM -0200, Eduardo M KALINOWSKI wrote:
>> Alex Samad wrote:
>>> if you are only trying to capture http requests from this machine (the same as the proxy) then you need to use the output chain
>> OK, so I changed the line and ran
>>
>> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>> This does make the requests go through the proxy. However, I can only access objects which are already in cache. When squid needs to fetch an
> sounds like the problem
>
> set tcp_outgoing_address in squid.conf, assign your box 2 addresses, 1 for normal use and the other for squid use and then set up the iptables filter to only pick up from the first
Well, this solution is far more complicated than what I wanted, so I took a look at iptables' manpage and discovered that matching can be done based on the UID that is running the process, so the idea is to let requests made by user 'proxy' through, and redirect all others to the proxy. This amounts to the two lines:

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128



--
Well, it's hard for a mere man to believe that woman doesn't have equal rights.
		-- Dwight D. Eisenhower

Eduardo M KALINOWSKI
ekalin@gmail.com
http://move.to/hpkb
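
The fix in this message depends on rule order: `-A` appends and the first matching rule wins, so the owner ACCEPT must sit before the REDIRECT or squid's own fetches are sent back to port 3128. The following is an added example, not part of the original message, that audits a rule listing for that condition; it also accepts the equivalent `! --uid-owner` form on the REDIRECT rule, which goes beyond what the thread shows. The sample listings are constructed and UID 13 for user 'proxy' is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit nat OUTPUT rule order.
# Input: rules in `iptables -t nat -S OUTPUT` format on stdin.
# Returns 0 if the proxy's port-80 traffic is exempted before the REDIRECT,
#         1 if a REDIRECT exists but the exemption is missing, negated or too late,
#         2 if there is no port-80 REDIRECT rule.
check_redirect_order() {
    awk '
        /^-A OUTPUT / && /--dport 80( |$)/ {
            negated = /! --uid-owner/
            owner   = /-m owner/ && /--uid-owner/
            # ACCEPT for the proxy UID ahead of the REDIRECT: first match wins.
            if (owner && !negated && /-j ACCEPT/ && !redirect) exempt = 1
            if (/-j REDIRECT/ && !redirect) {
                redirect = 1
                # "! --uid-owner" on the REDIRECT itself also skips the proxy.
                ok = exempt || (owner && negated)
            }
        }
        END { if (!redirect) exit 2; exit (ok ? 0 : 1) }'
}

# Constructed samples. UID 13 standing for user "proxy" is an assumption.
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'
LOOP_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT'

# Print a verdict for one rule listing (always returns 0).
audit() {
    rc=0
    printf '%s\n' "$1" | check_redirect_order || rc=$?
    case $rc in
        0) echo "ok: proxy exempted before REDIRECT" ;;
        1) echo "loop: proxy fetches are redirected back to port 3128" ;;
        *) echo "no port-80 REDIRECT rule" ;;
    esac
}

audit "$GOOD_RULES"
audit "$LOOP_RULES"
# Live use (as root): iptables -t nat -S OUTPUT | check_redirect_order
```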

