One quick note: This will not work for port 443. Squid can only
transparently proxy for normal http traffic. If you want to deal with
https, you have two choices: either snat/masq/route the connection, bypassing
squid entirely (which cuts out some squid overhead and can be done
transparently) or tell the browser to use the squid box on port 3128 to
proxy for https traffic (which I believe gives you somewhat nicer logging and
ACL-ability). When a browser is configured to use a proxy server for https
it makes the connection to the proxy, issues a command something like CONNECT
server:port (I'm not sure of the syntax) and then treats that like a tcp
connection to the server it's trying to get in touch with (starting up ssl and
such). If it's not configured to use a proxy, then it just makes the tcp
connection to the destination server on 443, and starts up ssl
immediately. A proxy can't intercept that transparently.
-Joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Atlas
Sent: Thursday, May 30, 2002 4:18 PM
To: [EMAIL PROTECTED]
Subject: Quick Question

Hello Everyone. I hope you all can help me, I'm sure you can (it seems like a pretty simple problem).

I am setting up a Squid proxy server to run in transparent mode. To do this, I need to forward all port 80 and 443 traffic to squid's port, 3128. Additionally, I would like all other traffic on all other ports to forward on to the router.

I have found a script to forward port 80 to squid (note: eth1 is my internal interface, eth0 is external):

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I assume I can run the same line for 443:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128

However, what can I use to forward EVERYTHING that is not port 80 out of the eth0 interface, to our router (192.168.0.2)?

I know it has something to do with --dport ! 80, but I can't figure it out.

Thanks for your help.

BTW, this is RedHat 72. if that makes any difference. Linux kernel 2.4.9-31.

-mike
______________________________________________
Mike Atlas 703.385.8362(v)
Senior System Engineer 703.385.3674(f)
Vista Innovation www.vistainnovation.com
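
Added example, not part of the original messages: a small Python classifier for the first bytes a client sends to the proxy port, showing what a plain HTTP proxy can recover in each of the three cases discussed in the reply above (redirected port 80, explicit CONNECT, redirected port 443). The function name, the sample payloads and the host www.example.test are constructed for illustration.

```python
# Added illustration: what destination information is visible in the opening
# bytes of a connection that lands on the proxy port. Payloads are constructed.

def classify_first_bytes(data: bytes) -> dict:
    """Classify a connection's opening bytes as seen by a plain HTTP proxy."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    # Nothing here is an HTTP request line, so the proxy has no URL or Host.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls", "target": None}

    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return {"kind": "unknown", "target": None}

    method = parts[0].decode("latin-1")
    uri = parts[1].decode("latin-1")

    # Explicit proxy case: the browser names the server and port itself.
    if method == "CONNECT":
        host, _, port = uri.rpartition(":")
        if not host or not port.isdigit():
            return {"kind": "unknown", "target": None}
        return {"kind": "connect", "target": f"{host}:{port}"}

    # Redirected port 80 case: the Host header tells the proxy where to go.
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return {"kind": "http", "target": value.strip().decode("latin-1")}
    return {"kind": "http", "target": None}


# Constructed sample inputs.
HTTP_REDIRECTED = b"GET /index.html HTTP/1.0\r\nHost: www.example.test\r\n\r\n"
CONNECT_EXPLICIT = b"CONNECT www.example.test:443 HTTP/1.0\r\n\r\n"
TLS_REDIRECTED = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 8

if __name__ == "__main__":
    for label, payload in [("port 80 redirected", HTTP_REDIRECTED),
                           ("explicit proxy", CONNECT_EXPLICIT),
                           ("port 443 redirected", TLS_REDIRECTED)]:
        print(label, "->", classify_first_bytes(payload))
```

Only the CONNECT case gives the proxy a host:port to log and apply ACLs to; the redirected port 443 case yields no target at all.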
