On Thursday 01 May 2008 03:06:57 David Burgess wrote:
> I'm attempting to setup squid3 for transparent proxying
> but I'm getting stuck at the iptables part. Both of these howtos
> assume that squid is running on your router or a bridge, accepting web
> requests on an external interface, thus:
>
> INTERNET-----eth1-router/squid-eth0-----LAN
>
> But seeing that my squid will be running on the ltsp server, I'm
> thinking connections aren't coming in on any ip interface. My network
> is fairly typical ltsp thus:
>
> INTERNET------eth0-ltsp server/squid-eth1-------thin clients
>
> so I'm thinking web requests don't come into the squid host on any
> ethernet interface, right?

You got that right.

For a transparent proxy you need to force all IP-packages addressed to the external interface, Port 52 (www) to localhost:3128 (assuming squid is listening on port 3128). But all users who shall not use the proxy must not be redirected. Especially squid itself may not be redirected, otherwise no package could leave the system. In other words: iptables must handle packages on a user basis.

The following lines are the relevant part of the rules from my firewall. They are responsible for the transparent proxying. They are to be inserted into your firewall rules. It's up to you to modify them for your specific system. These are 3 rules (delete line breaks inserted by the mail client):

# user squid shall pass its packages to the interface ppp0:
iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -m owner --uid-owner squid -j ACCEPT

# user root shall pass its packages to the interface ppp0:
iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -m owner --uid-owner root -j ACCEPT

# all other users' packages to interface ppp0, port www will be redirected to port 3128
iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -j REDIRECT --to 3128

--
Kai Wollweber
Integrierte Gesamtschule Eckernförde

_____________________________________________________________________
Ltsp-discuss mailing list.
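The owner-based rule set described in the reply, as an added example script (not from the original mail or from the LTSP or Squid projects). It assumes the external interface is ppp0, that squid runs as user "squid" and listens on 3128, and that the Linux iptables owner match is available; it prints the rules by default and only applies them when invoked with "apply", after checking that the squid user exists and that something is actually listening on the redirect port, since redirecting to a closed port would break web access for every user. Like the original rules, it only covers traffic generated on the server itself (where LTSP users' browsers run), not packets forwarded from other hosts.

```shell
#!/bin/sh
# Added example: per-user transparent proxy rules in the nat/OUTPUT chain.
# Assumed values (not from the original mail); override via environment.
WAN_IF="${WAN_IF:-ppp0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print one nat/OUTPUT rule. Usage: nat_rule <user|-> <ACCEPT|REDIRECT>
# "-" means no owner match, i.e. the catch-all rule for everybody else.
nat_rule() {
    owner=""
    [ "$1" != "-" ] && owner="-m owner --uid-owner $1 "
    if [ "$2" = "REDIRECT" ]; then
        printf 'iptables -t nat -A OUTPUT -o %s -p tcp --dport www %s-j REDIRECT --to-ports %s\n' \
            "$WAN_IF" "$owner" "$SQUID_PORT"
    else
        printf 'iptables -t nat -A OUTPUT -o %s -p tcp --dport www %s-j %s\n' \
            "$WAN_IF" "$owner" "$2"
    fi
}

# The complete set, in order: exempt squid and root first so their own
# outbound web traffic leaves the box, then redirect every other user.
rule_set() {
    nat_rule squid ACCEPT
    nat_rule root ACCEPT
    nat_rule - REDIRECT
}

# Sanity checks before touching the firewall: the squid user must exist
# (otherwise the owner match cannot resolve it) and a listener must be
# bound to the redirect port (otherwise all users lose web access).
preflight() {
    id -u squid >/dev/null 2>&1 || { echo "no user 'squid'" >&2; return 1; }
    ss -ltn 2>/dev/null | grep -q ":$SQUID_PORT " \
        || { echo "nothing listening on port $SQUID_PORT" >&2; return 1; }
}

# Apply the rules (needs root and the xt_owner match in the kernel).
apply_rules() {
    preflight || return 1
    rule_set | while read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

# Dry run by default; "apply" executes the rules.
if [ "${1:-}" = apply ]; then apply_rules; else rule_set; fi
```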
