SuSEfirewall2 and a non-local transparent squid proxy


Hans-Peter Jansen-2
Hi,

in a LAN setup, there's a fairly current squid proxy running (3.5.17), which
is NOT on the firewall, while the FW is located on a low end system running
an older openSUSE with SuSEfirewall2.

FW_DEV_EXT="dsl0"
FW_DEV_INT="eth0"

e.g. the usual simple DSL <-> masqueraded LAN setup.

Using the xxxx_proxy environment settings works fine with collaborating
systems, but I would like to force all local systems through the squid.

I tried to add something similar to /etc/sysconfig/scripts/SuSEfirewall2-custom:
iptables -t nat -A PREROUTING -i eth0 ! -s squid-server -p tcp --dport 80 -j DNAT --to squid-server:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-net -d squid-server -j SNAT --to 172.16.23.1
iptables -A FORWARD -s local-net -d squid-server -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

in the fw_custom_after_antispoofing hook, and others, but failed so far.

Source: http://tldp.org/HOWTO/TransparentProxy-6.html

Any other way to achieve something similar is welcome of course, e.g.
redirect 0/0:80 to squid-server:3128, but squid-server itself.

Thanks,
Pete
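
A way to confirm on the firewall that the three rules from the post above actually ended up in the loaded ruleset; this is an added example, not part of the original post. The proxy address and LAN range are constructed placeholders (only 172.16.23.1 comes from the post), and the check assumes iptables-save prints the negation as `! -s addr/32`.

```shell
#!/bin/sh
# Added example, not from the original post.
FW_INT=172.16.23.1    # SNAT address taken from the post
PROXY=172.16.23.2     # assumed address of squid-server (placeholder)
LAN=172.16.23.0/24    # assumed local-net (placeholder)

# Constructed sample: iptables-save output with all three rules loaded.
sample_dump() {
    cat <<EOF
*nat
-A PREROUTING ! -s $PROXY/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination $PROXY:3128
-A POSTROUTING -s $LAN -d $PROXY/32 -o eth0 -j SNAT --to-source $FW_INT
COMMIT
*filter
-A FORWARD -s $LAN -d $PROXY/32 -i eth0 -o eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print the name of each missing rule.
missing_rules() {
    awk -v proxy="$PROXY" -v fw="$FW_INT" '
        /^\*/ { table = substr($0, 2); next }      # "*nat" / "*filter" header
        # DNAT must exclude the proxy itself, or its own fetches loop back.
        table == "nat" && /^-A PREROUTING / &&
            index($0, "! -s " proxy "/32 ") && index($0, "--dport 80 ") &&
            $NF == (proxy ":3128") { dnat = 1 }
        # SNAT makes replies return via the firewall instead of going direct.
        table == "nat" && /^-A POSTROUTING / &&
            index($0, "-d " proxy "/32 ") && $NF == fw { snat = 1 }
        # The redirected connection must be allowed to hairpin eth0 -> eth0.
        table == "filter" && /^-A FORWARD / &&
            index($0, "-d " proxy "/32 ") && index($0, "--dport 3128 ") &&
            /-j ACCEPT/ { fwd = 1 }
        END {
            if (!dnat) print "dnat"
            if (!snat) print "snat"
            if (!fwd)  print "forward"
        }'
}

# On the firewall: iptables-save | missing_rules
[ -z "$(sample_dump | missing_rules)" ] && echo "all three rules present"
```

An empty result means all three rules are loaded; any name printed identifies the rule that SuSEfirewall2 did not install or that was written without the proxy exclusion.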

