On Monday 27 August 2018 at 16:04:16, zo_av wrote:
> I'm trying to redirect all of my subnet traffic to a transparent squid
> proxy using iptables on the router gateway (the squid proxy is located in
> the LAN).
So long as you use policy routing for this, and not address translation, it's
> I can browse sites that are https but can't access http sites; the error
> that appears in the browser is "ERR_EMPTY_RESPONSE".
> Also I got these errors in the cache.log file:
> NF getsockopt(ORIGINAL_DST) failed on local=192.168.0.110:3129
> NAT/TPROXY lookup failed to locate original IPs on local=192.168.0.110:3129
Sounds like you're using NAT and not routing :(
> I'm using:
> Squid version: 3.5.27
> The iptables lines that we used for the redirection:
> 192.168.0.110:3129 - the squid box port+IP. 192.168.0.1 - the router's IP.
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
> iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.110 --dport 3129 -j SNAT
> --to-source 192.168.0.1
Nope; won't work.
> These are the lines that we have changed/added to the squid.conf:
> acl localnet src 192.168.0.0/24
> http_access allow localnet
> http_port 3128
> http_port 3129 intercept