Hi,

Please fill in the variables below with your own values.
$LAN = LAN IP range, example: 192.168.0.0/24
$INTERFAZ_INT = interface that connects to the Internet
$INTERFAZ_LAN = interface that connects to the LAN
$LAN_IP = LAN IP of the squid box, example: 192.168.0.1

I use the rules below for transparent interception on Linux.

# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Accept LAN clients connecting to squid's port
iptables -A INPUT -d $LAN_IP -p tcp -s $LAN --dport 3128 -j ACCEPT

# Allow new DNS (UDP) and selected TCP connections to be forwarded from the LAN
iptables -A FORWARD -p udp -s $LAN --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -s $LAN -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -m state --state NEW -j ACCEPT

# Allow the squid box's own outbound DNS and TCP traffic
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -j ACCEPT

# Source-NAT forwarded LAN traffic leaving on the Internet interface.
# $INT_IP is the squid box's address on $INTERFAZ_INT; it is not in the
# variable list above, so set it before running these rules.
iptables -t nat -A POSTROUTING -p udp -o $INTERFAZ_INT -s $LAN --dport 53 -j SNAT --to-source $INT_IP
iptables -t nat -A POSTROUTING -p tcp -o $INTERFAZ_INT -s $LAN -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -j SNAT --to-source $INT_IP

# Redirect traffic arriving from the LAN for port 80 to squid on port 3128
iptables -t nat -A PREROUTING -p tcp -i $INTERFAZ_LAN --dport 80 -j REDIRECT --to-port 3128


In addition to that, please check your client PCs: their gateway and DNS servers.
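The same ruleset as a reviewable script, added here as an example and not part of the post above. It generates the rules as text (so they can be read, diffed, or checked before being applied as root) and includes a small check against an iptables-save dump. Variable names follow the post; $INT_IP is used by the post's SNAT rules but never defined there, so it is assumed here to be the squid box's address on the Internet-facing interface. The interface names and the addresses are placeholders. One addition beyond the post: the REDIRECT rule excludes traffic addressed to the squid box itself (`! -d $LAN_IP`), so connections to a web service on the box are not looped into squid.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the transparent-
# interception ruleset as text and offers a check against an iptables-save
# dump. INT_IP is assumed (the post uses it without defining it); interface
# names and addresses below are placeholders (203.0.113.0/24 is
# documentation space).
LAN="${LAN:-192.168.0.0/24}"
INTERFAZ_INT="${INTERFAZ_INT:-eth0}"
INTERFAZ_LAN="${INTERFAZ_LAN:-eth1}"
LAN_IP="${LAN_IP:-192.168.0.1}"
INT_IP="${INT_IP:-203.0.113.10}"
PORTS="20,21,22,25,43,53,80,443,110,143"

# Emit the rules, one command per line, to stdout.
gen_rules() {
  cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -d $LAN_IP -p tcp -s $LAN --dport 3128 -j ACCEPT
iptables -A FORWARD -p udp -s $LAN --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -s $LAN -m multiport --dports $PORTS -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports $PORTS -j ACCEPT
iptables -t nat -A POSTROUTING -p udp -o $INTERFAZ_INT -s $LAN --dport 53 -j SNAT --to-source $INT_IP
iptables -t nat -A POSTROUTING -p tcp -o $INTERFAZ_INT -s $LAN -m multiport --dports $PORTS -j SNAT --to-source $INT_IP
iptables -t nat -A PREROUTING -p tcp -i $INTERFAZ_LAN -s $LAN ! -d $LAN_IP --dport 80 -j REDIRECT --to-port 3128
EOF
}

# Read an iptables-save dump from stdin and check for the two rules that
# make interception work: the port-80 REDIRECT in PREROUTING and the SNAT
# to INT_IP in POSTROUTING. Returns 0 if both are present, 1 otherwise.
# (iptables-save prints REDIRECT's option as --to-ports.)
verify_dump() {
  dump=$(cat)
  printf '%s\n' "$dump" | grep -q -- "-A PREROUTING .*--dport 80 -j REDIRECT --to-ports 3128" || return 1
  printf '%s\n' "$dump" | grep -q -- "-A POSTROUTING .*-j SNAT --to-source $INT_IP" || return 1
  return 0
}

# Apply (as root):      gen_rules | sh
# Check a running box:  iptables-save | verify_dump && echo "interception rules present"
```

Because gen_rules only prints, it can be run as an unprivileged user to review the exact commands before they touch the firewall; verify_dump reads a saved dump, so it can be pointed at a file copied from the squid box as well as at live iptables-save output.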
