Transparent proxy redirect remote box
If your proxy server (squid and/or dansguardian) is not on your gateway you can also set it up to be transparent.
In my examples the gateway has address 192.168.1.1, and the squid server has address 192.168.1.28 and listens on port 8080.
Here is the configuration using iptables directly:
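# Redirect LAN HTTP traffic (except the proxy's own requests) to squid
iptables -t nat -I PREROUTING -i eth0 ! -s 192.168.1.28 -p tcp --dport 80 -j DNAT --to 192.168.1.28:8080
# Rewrite the source address to the gateway so squid's replies return through it
iptables -t nat -I POSTROUTING -o eth0 -s 192.168.1.0/24 -d 192.168.1.28 -j SNAT --to 192.168.1.1
# Allow the redirected traffic to be forwarded back out of the LAN interface
iptables -I FORWARD -s 192.168.1.0/24 -d 192.168.1.28 -i eth0 -o eth0 -p tcp --dport 8080 -j ACCEPT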
And this is the same configuration in the Gargoyle /etc/config/firewall file (you can edit it or use uci add firewall commands):
config redirect
        option name 'P12 to Squid DNAT'
        option src 'lan'
        option proto 'tcp'
        option dest_port '8080'
        option src_dport '80'
        option src_dip '! 192.168.1.1'
        option dest_ip '192.168.1.28'
        option src_ip '! 192.168.1.28'

config redirect
        option name 'P12 to Squid SNAT'
        option dest 'lan'
        option proto 'tcp'
        option src_dip '192.168.1.1'
        option dest_ip '192.168.1.28'
        option src_ip '192.168.1.0/24'
        option target 'SNAT'

config rule
        option name 'P12 to Squid'
        option dest 'lan'
        option dest_port '8080'
        option proto 'tcp'
        option src_ip '192.168.1.0/24'
        option dest_ip '192.168.1.28'
        option target 'ACCEPT'
After editing the /etc/config/firewall file you have to restart the firewall:
/etc/init.d/firewall restart
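The page mentions uci add firewall commands without listing them. The script below is an added example, not part of the original page: it prints uci commands that create the same three sections from one set of parameters, so the port in the DNAT redirect and in the ACCEPT rule cannot drift apart. The function names emit_section and squid_uci_cmds are made up for this example.

```shell
#!/bin/sh
# Added example: print uci commands for the three firewall sections above.
# emit_section and squid_uci_cmds are names made up for this example.

# emit_section KIND KEY=VALUE... -> "uci add" plus one "uci set" per option
emit_section() {
    kind=$1; shift
    printf 'uci add firewall %s\n' "$kind"
    for kv in "$@"; do
        # @KIND[-1] addresses the section that was just added
        printf "uci set 'firewall.@%s[-1].%s'\n" "$kind" "$kv"
    done
}

# squid_uci_cmds GATEWAY PROXY PORT LAN_NET
squid_uci_cmds() {
    gw=$1; proxy=$2; port=$3; net=$4
    # This setup is for a proxy on a separate box, not on the gateway.
    if [ "$gw" = "$proxy" ]; then
        echo "proxy and gateway must be different hosts" >&2; return 1
    fi
    # One port value feeds both the DNAT target and the ACCEPT rule.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    emit_section redirect "name=P12 to Squid DNAT" src=lan proto=tcp \
        src_dport=80 "src_dip=! $gw" "src_ip=! $proxy" \
        "dest_ip=$proxy" "dest_port=$port"
    emit_section redirect "name=P12 to Squid SNAT" dest=lan proto=tcp \
        "src_ip=$net" "src_dip=$gw" "dest_ip=$proxy" target=SNAT
    emit_section rule "name=P12 to Squid" dest=lan proto=tcp \
        "src_ip=$net" "dest_ip=$proxy" "dest_port=$port" target=ACCEPT
    echo "uci commit firewall"
}

# Values from this page; review the output, then pipe it to sh on the router.
squid_uci_cmds 192.168.1.1 192.168.1.28 8080 192.168.1.0/24
```

Run /etc/init.d/firewall restart afterwards, as with a manual edit of the file.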