1

I have setup a basic Squid + DansGuardian virtual machine that I was to use for the monitoring and blocking of certain websites. Currently, web traffic goes through a router set as the gateway - the IP address of this is handed out by a DHCP service on a Linux server. I'd like to route some clients to a different gateway, based on their MAC address (which I can do already). The setup is as follows: 

Router (Gateway) - 192.168.0.1
DHCP/DNS Server  - 192.168.0.10
Squid Server     - 192.168.0.254
Client PCs       - 192.168.0.100-199

However, most tutorials seem to require that Squid accepts traffic on 1 NIC and then relays it to the outside world on another NIC, on a different subnet.

Is it possible to have Squid accept traffic on it's IP (192.168.0.254) and relay it to the gateway (192.168.0.1) to leave the building as normal? If so, does anyone have the relevant iptables rules they could give me?

fistameeny
  • 133

1 Answers1

1

You need not to have the separate interface for this purpose.

Just add a rule to redirect the HTTP traffic and to NAT the rest appropriately:

iptables -t nat -A PREROUTING -i eth0 -m iprange --src-range 192.168.0.100-192.168.0.199 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -m iprange --src-range 192.168.0.100-192.168.0.199 -j SNAT --to-source 192.168.0.254

It is assumed, that the default policy for all chains is set to accept. Also, you will need the ipv4 forwarding to be enabled at this host and it's default gateway should be set to 192.168.0.1.

Serge
  • 2,768