Mailinglist Archive: opensuse-security (138 mails)

Redirect traffic for transparent proxy
  • From: Jordi Espasa Clofent <jespasac@xxxxxxxx>
  • Date: Wed, 28 Dec 2005 13:17:35 +0100
  • Message-id: <200512281317.35518.jespasac@xxxxxxxx>
Hi all,

I'm trying to set up a machine with proxy-cache (Squid 2,5 STABLE); the
setup process is well-documented, but I've run into trouble when I want to
redirect the traffic for the transparent proxy. My goal is obvious: redirect all
traffic from port 80 (the clients) to port 3128 (the proxy on the server) to
set up a transparent proxy.

The structure is:

Server  eth0 -- connection to internet 192.168.1.2 (EXT)
        eth1 -- connection to LAN 172.26.0.1 (INT)

Client  eth0 -- connection to eth1 Server 172.26.0.x (where x is 2+)

1) In the SuSE manual, the syntax for redirected traffic is (page 763 of
Reference Guide SuSE 10.0):

FW_REDIRECT_TCP="172.26.0.0/24,0/0,80,3128"
FW_REDIRECT_UDP="172.26.0.0/24,0/0,80,3128"

2) In /etc/sysconfig/SuSEfirewall2 the comments of section 14 (where is
section 15???) say the same line for both protocols, TCP and UDP. So, the
correct syntax should be:

FW_REDIRECT="172.26.0.0/24,0/0,80,3128"

3) Both syntaxes (1 & 2) don't work on my server. I've even tried to do it
with iptables:

iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128

Apparently squid works fine; if I test without transparent proxy (setting the
client browsers to port 3128 directly) there aren't any problems.

The trouble is redirecting the traffic.

--
Salut,
Jordi Espasa
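
One way to check whether the REDIRECT rule from step 3 is loaded and is actually seeing client traffic, as an added example that is not part of the original post: it parses `iptables-save -c -t nat` output and reports the rule as missing, present but never matched, or matched. The function name `check_redirect` and the embedded sample (with its counters) are constructed for illustration; `eth1`, 80 and 3128 are taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Names are hypothetical.
#
# check_redirect IFACE DPORT TOPORT
#   Reads `iptables-save -c -t nat` text on stdin and prints one of:
#     missing          no matching REDIRECT rule in PREROUTING
#     unmatched        rule is loaded but its packet counter is 0
#     matched:<n>      rule is loaded and has matched <n> packets
check_redirect() {
    awk -v iface="$1" -v dport="$2" -v toport="$3" '
    /^\[[0-9]+:[0-9]+\] -A PREROUTING / && / -j REDIRECT / {
        in_if = ""; proto = ""; dp = ""; tp = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i")         in_if = $(i + 1)
            if ($i == "-p")         proto = $(i + 1)
            if ($i == "--dport")    dp    = $(i + 1)
            if ($i == "--to-ports") tp    = $(i + 1)
        }
        if (in_if == iface && proto == "tcp" && dp == dport && tp == toport) {
            found = 1
            split(substr($1, 2), c, ":")   # "[12:720]" -> c[1] is packets
            pkts += c[1]
        }
    }
    END {
        if (!found)         print "missing"
        else if (pkts == 0) print "unmatched"
        else                print "matched:" pkts
    }'
}

# Constructed sample of `iptables-save -c -t nat` output (not a real capture).
SAMPLE='*nat
:PREROUTING ACCEPT [40:2400]
[0:0] -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# On the proxy host (as root): iptables-save -c -t nat | check_redirect eth1 80 3128
printf '%s\n' "$SAMPLE" | check_redirect eth1 80 3128   # prints "unmatched"
```

A result of `unmatched` after a client has tried to browse means the port-80 packets are not arriving on that interface or are not reaching this rule, which points away from the proxy itself.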
