Debian+iptables+transparent squid
Форум — Admin
Ткните меня в то место где я туплю. Развернул лабу. Шлюз + клиент. На шлюзе eth0 смотрит в тырнет eth1 в локалку.
eth0 Link encap:Ethernet HWaddr 08:00:27:37:06:f3
inet addr:192.168.20.150 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe37:6f3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:59534 errors:0 dropped:102 overruns:0 frame:0
TX packets:44468 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69660522 (66.4 MiB) TX bytes:4290251 (4.0 MiB)
eth1 Link encap:Ethernet HWaddr 08:00:27:06:b3:dc
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe06:b3dc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47333 errors:0 dropped:0 overruns:0 frame:0
TX packets:72819 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4213124 (4.0 MiB) TX bytes:69997152 (66.7 MiB)
http_port 3128 transparent
acl LAN src 192.168.1.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow LAN
http_access allow localnet
cache_dir ufs /var/spool/squid 20000 16 256
acl all src all
access_log /var/log/squid/access.log squid
# Generated by iptables-save v1.4.14 on Tue Feb 3 08:30:27 2015
*filter
:INPUT ACCEPT [520:86027]
:FORWARD ACCEPT [766:150202]
:OUTPUT ACCEPT [13557:9144442]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Feb 3 08:30:27 2015
# Generated by iptables-save v1.4.14 on Tue Feb 3 08:30:27 2015
*nat
:PREROUTING ACCEPT [433:39282]
:INPUT ACCEPT [346:33886]
:OUTPUT ACCEPT [173:13262]
:POSTROUTING ACCEPT [173:13262]
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 3 08:30:27 2015
# Generated by iptables-save v1.4.14 on Tue Feb 3 08:30:27 2015
*filter
:INPUT DROP [520:86027]
:FORWARD ACCEPT [766:150202]
:OUTPUT ACCEPT [13557:9144442]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.20.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Tue Feb 3 08:30:27 2015
# Generated by iptables-save v1.4.14 on Tue Feb 3 08:30:27 2015
*nat
:PREROUTING ACCEPT [433:39282]
:INPUT ACCEPT [346:33886]
:OUTPUT ACCEPT [173:13262]
:POSTROUTING ACCEPT [173:13262]
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT