> I have Squid in one machine and I plan to set up a firewall (iptables) on
> another machine, and that firewall m/c IP is going to be my machines'
> gateway.
> I want to redirect some 80 requests to squid and some 80 requests to
> another server (e.g. apache) based on anything.
Well, here's an example:

EXTIF=eth0
INTIF=eth1
EXTIP=123.45.6.7
INTIP=192.168.2.1 #firewall
INTNET=192.168.2.0/24
SQUID=192.168.2.2:8080 #proxy
APACHE=192.168.2.3:80 #server

iptables -t nat -A PREROUTING -p tcp --dport 80 -i $INTIF -d $INTIP -j DNAT --to-destination $SQUID #proxy internal requests.
iptables -t nat -A PREROUTING -p tcp --dport 80 -i $EXTIF -d $EXTIP -j DNAT --to-destination $APACHE #serve external requests

If you want to transparently proxy all internal HTTP requests to the
Internet at large, make sure you set squid up for that and then change the
first rule to

iptables -t nat -A PREROUTING -p tcp --dport 80 -i $INTIF -j DNAT --to-destination $SQUID #proxy internal requests.

Note that if squid is on port 80 too, then you can't do this because then
all of its real HTTP requests to the internet would get DNATted back to it.
In that case, both proxy rules would need a -s ! 192.168.2.2 (in this case,
you could make a $SQUID_IP variable for that if you wanted).

-EtherMage
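
The transparent-proxy variant above with the proxy host's own traffic exempted, written out in iptables-restore format so it can be checked before loading. This is an added example, not part of the original post; the addresses and interface names are the post's sample values and the function names (valid_ip, valid_port, gen_nat_rules) are made up here.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and addresses are
# the post's sample values; the function names are made up for this example.
EXTIF=eth0 INTIF=eth1 EXTIP=123.45.6.7

# valid_ip ADDR: succeed only for a dotted-quad IPv4 address.
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for a decimal port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_nat_rules SQUID_IP SQUID_PORT APACHE_IP APACHE_PORT
# Prints the nat table in iptables-restore format. Arguments are validated
# first so nothing but addresses and ports is interpolated into a ruleset
# that will be loaded as root.
gen_nat_rules() {
    valid_ip "$1" && valid_port "$2" && valid_ip "$3" && valid_port "$4" || {
        echo "gen_nat_rules: bad address or port" >&2
        return 1
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Proxy internal HTTP. Squid's own fetches also enter on $INTIF with
# destination port 80, so its address is exempted to avoid a redirect loop.
-A PREROUTING -i $INTIF ! -s $1 -p tcp --dport 80 -j DNAT --to-destination $1:$2
# Serve external requests from Apache.
-A PREROUTING -i $EXTIF -d $EXTIP -p tcp --dport 80 -j DNAT --to-destination $3:$4
COMMIT
EOF
}

# Print the ruleset; as root it can be checked without being applied by
# piping it to "iptables-restore --test".
gen_nat_rules 192.168.2.2 8080 192.168.2.3 80
```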
