Re: squid + transparent proxying + ssl ports ?
> yip that sounds correct do you have an example for me ? of how to forward
> from my internal nic to the gateway nic ?
>
> Thanks a stack
> >> Hi.
> >>
> >> Please can someone advise how to setup squid to transparently proxy ssl
> >> ports, it's currently proxying http with no problem..
> >>
> >> Many thanks
> >> Gregory Machin
> >>
> >
> > It sounds like what you need is masquerading or possibly port forwarding.
> > I manage a squid proxy for my company but no other connections are proxied.
> > Instead we use a machine as an internet gateway and use masquerading to
> > route SSH connections off the local private subnet to the internet. Many
> > organizations do this. One way to do this is with iptables. Let me know if
> > you'd like some examples.
> >
> > <|>/\\/|<|>
Hmm. Looks like some lines were wrapped in my last post. Here's the script
again as an attachment.
<|>/\\/|<|>
#!/bin/bash
IPTABLES=/usr/sbin/iptables
MODPROBE=/sbin/modprobe
LOCALNET=10.0.0.0/8
INT=eth0 # Name of the internal lan side network card
EXT=eth1 # Name of the external internet side network card
$MODPROBE ipt_MASQUERADE
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_nat_ftp
# Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# This clears existing rules and sets default policies
# These policies assume you have a firewall between the gateway and the internet
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# Masquerading rules
$IPTABLES -A FORWARD -i $EXT -o $INT -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INT -o $EXT -s $LOCALNET -j ACCEPT
# Perform actual masquerading in postrouting
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
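
An added example, not part of the original post: a POSIX shell check that reads `iptables-save` output and confirms the loaded rules match what the script above sets up (FORWARD default DROP, traffic arriving on the external interface limited to replies, MASQUERADE bound to that interface). The function name `audit_masq` and both sample rulesets are constructed for illustration.

```shell
# Added example: audit `iptables-save` output against the gateway script.
# Usage: iptables-save | audit_masq eth1   (returns 0 when clean, 1 otherwise)
audit_masq() {
    awk -v ext="$1" '
        /^\*/ { table = substr($0, 2) }           # "*nat", "*filter", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        # ACCEPT rules for packets arriving on the external interface
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ && index($0, " -i " ext " ") {
            inbound = 1
            if ($0 !~ /state (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED)( |$)/) {
                print "inbound ACCEPT not limited to reply traffic: " $0; n++
            }
        }
        # MASQUERADE should only rewrite traffic leaving via the external side
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            masq = 1
            if (!index($0, " -o " ext " ")) { print "MASQUERADE not bound to " ext ": " $0; n++ }
        }
        END {
            if (policy != "DROP") { print "FORWARD policy is " (policy == "" ? "unset" : policy) ", expected DROP"; n++ }
            if (!inbound) { print "no ESTABLISHED,RELATED return rule from " ext; n++ }
            if (!masq) { print "no MASQUERADE rule found"; n++ }
            exit (n > 0)
        }'
}
# Constructed sample: iptables-save output after the script above has run.
sample_good() { cat <<'EOF'
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.0.0/8 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}
# Constructed sample: a drifted ruleset with three deviations.
sample_bad() { cat <<'EOF'
*nat
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
sample_good | audit_masq eth1 && echo "good ruleset: clean"
sample_bad | audit_masq eth1 || echo "bad ruleset: findings listed above"
```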