I have attached the file. Understand it and apply it to your network.

Joel n.solanki
----- Original Message -----
From: "Paulo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 20, 2003 4:11 PM
Subject: [squid-users] squid + iptables


> A simple question from a Squid newbie: I have a Squid running ok in a linux
> box and another box with iptables running ok too (my internet gateway). What
> I have to do in my iptables to block port 80 and permit http connections
> through Squid ??? I am a little bit confused.
>
> hugs, Paulo
>
# TRANSPARENT WEB-CACHING USING NETFILTER, IPROUTE2 AND SQUID.

 --IMPLEMENTATION-- 
ADDRESSES USED

10.0.0.1  [ netfilter iptables gateway server]
10.0.0.2  [ ICG Squid server]
10.0.0.3  [ Main Cisco router]
10.0.0.4  [ Ldap Server]
10.0.0.5  [ Ras]


        ----------------\
        NETWORK DIAGRAM \
        ----------------\

                INTERNET
                |
                [Cisco router 10.0.0.3]
                |
------HUB/SWITCH------------------------------------------------------------
        |                    |                 |                  |              |
        |                    |                 |                  |              |
        Netfilter            ICG               Ldap               RAS            Etc.
        Iptables             Squid             Server             [ip=10.0.0.5]
        Gateway              Server            [ip=10.0.0.4]      [gw=10.0.0.1]
        Server               [ip=10.0.0.2]     [gw=10.0.0.1]
        [ip=10.0.0.1]        [gw=10.0.0.3]
        [gw=10.0.0.3]


### REDIRECT PORT 80 TRAFFIC TO PORT 3128 ON MY SQUID SERVER

ICG-Squid #-> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Note that the Squid server keeps the Cisco router (10.0.0.3) as its own default gateway, as in the diagram: if its default gateway were 10.0.0.1, Squid's own outbound port 80 requests would be marked on the gateway, policy-routed back to 10.0.0.2 and redirected into Squid again, producing a loop.

### POLICY ROUTING WITH IPROUTE2 AND IPTABLES ON NETFILTER IPTABLES SERVER

IPTABLES-NETFILTER #->  iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j MARK --set-mark 2

IPTABLES-NETFILTER #->  echo 202 www.out >> /etc/iproute2/rt_tables

IPTABLES-NETFILTER #->  ip rule add fwmark 2 table www.out

IPTABLES-NETFILTER #->  ip route add default via 10.0.0.2 dev eth0 table www.out

IPTABLES-NETFILTER #->  ip route flush cache

### DISABLE ICMP REDIRECTS
The gateway forwards the marked packets back out eth0 to 10.0.0.2, the same segment the clients are on. Without this step the kernel would send ICMP redirects telling clients to reach 10.0.0.2 directly, bypassing the policy route above.
IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

### SETUP IS COMPLETE. NOW CHECK THE CONFIGURATION
IPTABLES-NETFILTER #-> iptables -t mangle -L
IPTABLES-NETFILTER #-> ip rule ls
IPTABLES-NETFILTER #-> ip route list table www.out
IPTABLES-NETFILTER #-> ip route ls
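The manual inspection above can be turned into a repeatable check. The script below is an added example, not part of the attachment or of the Squid project: each check function takes the output of one of the listed commands as a string and passes only when the expected MARK rule, fwmark rule, default route via the Squid server and send_redirects=0 are all present, so a missed step (or a reboot that lost the ip rules) is reported instead of silently letting clients bypass the cache. The addresses, interface, mark and table name are hypothetical defaults taken from this setup and can be overridden through the environment; the sample outputs used for testing are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): verify the policy-routing
# setup on the netfilter gateway. Check functions take command output as a
# string so they can be exercised on constructed samples; verify_gateway_live
# feeds them real output when run as: sh check_gateway.sh --live
# Hypothetical defaults, matching the how-to above; override via environment.
SQUID_IP="${SQUID_IP:-10.0.0.2}"
IFACE="${IFACE:-eth0}"
FWMARK="${FWMARK:-2}"                 # decimal, as given to --set-mark
TABLE_NAME="${TABLE_NAME:-www.out}"
FWMARK_HEX=$(printf '%x' "$FWMARK")  # iptables/ip print the mark in hex

# $1 = output of `iptables -t mangle -L PREROUTING -n`
# Passes when a MARK rule for TCP dport 80 sets our fwmark
# (matches both "MARK set 0x2" and the newer "MARK set 0x2/0xffffffff").
check_mangle_mark() {
    printf '%s\n' "$1" | grep -Eq \
        "^MARK[[:space:]]+tcp[[:space:]].*dpt:80[[:space:]].*MARK[[:space:]]+x?set[[:space:]]+0x${FWMARK_HEX}(/|[[:space:]]|$)"
}

# $1 = output of `ip rule ls`
# Passes when packets carrying our fwmark are sent to our routing table
# (older iproute2 prints the mark in decimal, newer in hex; accept both).
check_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq \
        "fwmark[[:space:]]+(0x${FWMARK_HEX}|${FWMARK})[[:space:]]+.*lookup[[:space:]]+${TABLE_NAME}([[:space:]]|$)"
}

# $1 = output of `ip route list table $TABLE_NAME`
# Passes when the table's default route points at the Squid server on $IFACE.
check_default_route() {
    printf '%s\n' "$1" | grep -Eq \
        "^default[[:space:]]+via[[:space:]]+${SQUID_IP}[[:space:]]+dev[[:space:]]+${IFACE}([[:space:]]|$)"
}

# $1 = sysctl conf root (default /proc/sys/net/ipv4/conf)
# Passes when send_redirects is 0 for all, default and $IFACE, i.e. the
# gateway will not tell clients to talk to the Squid box directly.
check_send_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for c in all default "$IFACE"; do
        [ -r "$root/$c/send_redirects" ] || return 1
        [ "$(cat "$root/$c/send_redirects")" = "0" ] || return 1
    done
    return 0
}

# Run every check against the live system; exit status 0 only if all pass.
verify_gateway_live() {
    status=0
    if check_mangle_mark "$(iptables -t mangle -L PREROUTING -n)"; then
        echo "ok:      mangle MARK rule for dport 80"
    else echo "MISSING: mangle MARK rule for dport 80"; status=1; fi
    if check_fwmark_rule "$(ip rule ls)"; then
        echo "ok:      ip rule fwmark $FWMARK -> table $TABLE_NAME"
    else echo "MISSING: ip rule fwmark $FWMARK -> table $TABLE_NAME"; status=1; fi
    if check_default_route "$(ip route list table "$TABLE_NAME")"; then
        echo "ok:      default route via $SQUID_IP in table $TABLE_NAME"
    else echo "MISSING: default route via $SQUID_IP in table $TABLE_NAME"; status=1; fi
    if check_send_redirects; then
        echo "ok:      send_redirects disabled"
    else echo "MISSING: send_redirects still enabled on all/default/$IFACE"; status=1; fi
    return $status
}

if [ "${1:-}" = "--live" ]; then
    verify_gateway_live
fi
```

Run it with `--live` on the gateway (as root, since `iptables -L` needs it) after the steps above, and again from cron or at boot: the `ip rule` and `ip route ... table www.out` entries are not persistent, so a reboot that restores the iptables rules but not the iproute2 rules leaves port 80 marked but routed normally, and the check makes that visible.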

