[SC.LUG] transparent proxy with a single box and iptables
Robert Marshall
sc at mailman.lug.org.uk
Thu Jun 12 12:31:01 2003

Maybe someone here can unbaffle me....

I'm trying to do web filtering. I have a single Linux box that isn't
attached to anything else (other than the internet :-))

I'm using squid and dansguardian, which works fine when setting a proxy
via the browser, except that I can't get transparent proxy to work.

I think that with a single box I need something like

    iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080

(dansguardian uses port 8080). This works fine and blocks unwanted
sites.

Unfortunately - of course - if a site isn't blocked, the request gets
sent round the forwarding loop again and squid kills it.

What am I missing? Do I need to do something via iptables so that it
recognises something emerging from squid, or do I need to change
squid.conf somehow?

All advice very welcome!

Robert
--
We must collect our thoughts. For the unexpected is always upon us. In the
street. At the door. On a stage. Thank you, Mr. Berio.
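
Added example, not part of the original message: one way to break the loop described above is to exempt the proxy's own outbound requests with the iptables owner match, placed ahead of the REDIRECT rule. The account name "squid" is an assumption (the post does not say which user squid runs as); 8080 is the dansguardian port from the post. The script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: squid runs under its own dedicated account (here "squid").

# Print the nat/OUTPUT rules, in the order they must be installed.
#   $1 = account squid runs as (assumed)   $2 = dansguardian listen port
proxy_rules() {
    # The exempted account skips the filter, so refuse root and odd names.
    case $1 in
        ''|root|0|*[!A-Za-z0-9_-]*) echo "bad proxy account: $1" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }

    # 1. Requests squid itself sends to port 80 are accepted untouched, so
    #    fetches for allowed sites reach the origin server instead of being
    #    redirected back into dansguardian.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $1 -j ACCEPT"
    # 2. Every other local process talking to port 80 goes to dansguardian.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port $2"
}

# Dry run by default: print the commands. With APPLY=1 (as root), run them.
install_rules() {
    rules=$(proxy_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while read -r rule; do
            # Unquoted on purpose: each rule line is split into arguments.
            iptables $rule || exit 1
        done
    else
        printf '%s\n' "$rules" | sed 's/^/iptables /'
    fi
}

# Usage: sh script.sh squid 8080        (prints the rules)
#        APPLY=1 sh script.sh squid 8080 (installs them)
if [ "$#" -eq 2 ]; then
    install_rules "$1" "$2"
fi
```

Any process running under the exempted account bypasses the filter, so that account should be used by squid alone.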