[opensuse-security] SuSEfirewall2 and a non-local transparent squid proxy
Hi,

in a LAN setup, there's a fairly current squid proxy running (3.5.17), which is NOT on the firewall, while the FW is located on a low-end system running an older openSUSE with SuSEfirewall2.

FW_DEV_EXT="dsl0"
FW_DEV_INT="eth0"

e.g. the usual simple DSL <-> masqueraded LAN setup.

Using the xxxx_proxy environment settings works fine with collaborating systems, but I would like to force all local systems through the squid. I tried to add something similar to /etc/sysconfig/scripts/SuSEfirewall2-custom:

# redirect LAN port 80 traffic (except traffic from the squid host) to squid
iptables -t nat -A PREROUTING -i eth0 ! -s squid-server -p tcp --dport 80 -j DNAT --to squid-server:3128
# make squid's replies come back through the firewall
iptables -t nat -A POSTROUTING -o eth0 -s local-net -d squid-server -j SNAT --to 172.16.23.1
# allow the LAN -> LAN forward to the squid port
iptables -A FORWARD -s local-net -d squid-server -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

in the fw_custom_after_antispoofing hook, and others, but failed so far.

Source: http://tldp.org/HOWTO/TransparentProxy-6.html

Any other way to achieve something similar is welcomed of course, e.g. redirect 0/0:80 to squid-server:3128, except for squid-server itself.

Thanks,
Pete
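As an added illustration, not code from Pete's post or from the SuSEfirewall2 project: the same three rules written as a SuSEfirewall2-custom hook, with the negation placed before `-s` (the form current iptables expects) and the SNAT restricted to the squid port. It assumes FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2 points at the script, and the addresses are constructed placeholders.

```shell
# Hook for /etc/sysconfig/scripts/SuSEfirewall2-custom (added example).
# Requires FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
# in /etc/sysconfig/SuSEfirewall2, otherwise the hook is never called.
IPT="${IPT:-iptables}"                 # set IPT=echo to dry-run the rule set
LAN_IF="${LAN_IF:-eth0}"               # FW_DEV_INT
LAN_NET="${LAN_NET:-172.16.23.0/24}"   # constructed placeholder: local-net
FW_LAN_IP="${FW_LAN_IP:-172.16.23.1}"  # firewall's LAN address
SQUID="${SQUID:-172.16.23.10}"         # constructed placeholder: squid-server
SQUID_PORT="${SQUID_PORT:-3128}"

fw_custom_after_antispoofing() {
    # 1. Redirect LAN web traffic to squid, but never traffic coming from
    #    the squid host itself, or squid's own fetches would loop back.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" ! -s "$SQUID" -p tcp --dport 80 \
        -j DNAT --to-destination "$SQUID:$SQUID_PORT"
    # 2. Rewrite the source to the firewall's LAN address so squid answers
    #    the firewall (which holds the DNAT state) instead of the client;
    #    a reply sent straight to the client would be reset by it.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SQUID" \
        -p tcp --dport "$SQUID_PORT" -j SNAT --to-source "$FW_LAN_IP"
    # 3. Permit the hairpinned LAN -> LAN forward, which SuSEfirewall2's
    #    default FORWARD policy would otherwise drop.
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -d "$SQUID" \
        -p tcp --dport "$SQUID_PORT" -j ACCEPT
    true
}
```

Run `IPT=echo sh -c '. ./SuSEfirewall2-custom; fw_custom_after_antispoofing'` to review the generated rules before loading them; afterwards `iptables -t nat -L PREROUTING -n -v` shows whether the DNAT counter increases when a LAN client browses.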
participants (1): Hans-Peter Jansen