Routing internet on NAT server thru Squid proxy

Tags: nat, squid

I've configured a Squid proxy and a NAT instance and both are functioning fine.

Now I want to configure a proxy server on the NAT instance so that the internet on NAT is routed through the Squid proxy server.

This setup is configured on CentOS 6.3.

Best Answer

To transparently intercept traffic, use policy-based routing via NAT to redirect the web traffic to the Squid proxy, then intercept it.

  • Set policy routing on your GW or NAT box; adjust the IPs and interfaces to suit. Your diagram implies the first rule, which allows your Squid box access to the internet, might not be needed.

    # Exempt the Squid box's own outbound web traffic from marking (this rule must come first,
    # or Squid's fetches are routed back to Squid in a loop)
    iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squidip
    # Mark all other port-80 traffic
    iptables -t mangle -A PREROUTING -j MARK --set-mark 8 -p tcp --dport 80
    # Marked packets are looked up in routing table 2, whose default route is the Squid box
    ip rule add fwmark 8 table 2
    ip route add default via squidip dev eth0 table 2
    
  • Then intercept on the Squid Proxy. This rule can be more specific if there's any chance other data on port 80 needs to go through this box.

    # Redirect port-80 traffic arriving on eth0 to Squid's intercept port
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129
    
  • On the Squid box, in squid.conf:

    # Listen on the port the REDIRECT rule sends traffic to, in intercept mode
    http_port 3129 intercept
    

If you need to support IPv6, Squid has a TPROXY config example for CentOS.
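The whole procedure above, as an added example that is not part of the original answer: a small POSIX shell script that wraps the NAT-box policy-routing commands and the Squid-box REDIRECT in functions, defaults to a dry run that only prints the commands, and adds a check that the exemption for the Squid box really precedes the MARK rule on a live gateway (the mistake that turns Squid's own fetches into a routing loop). The Squid address (192.0.2.10, a TEST-NET-1 placeholder), the interface name eth0, mark 8, table 2 and port 3129 are assumptions taken from or substituted for the placeholders in the answer, not values from the original post.

```shell
#!/bin/sh
# Added example, not code from the original answer. Wraps the answer's four
# NAT-box commands and the Squid-box REDIRECT in functions, defaults to a dry
# run that only prints the commands, and adds a check that the ACCEPT for the
# Squid box precedes the MARK rule (otherwise Squid's own outbound port-80
# fetches are marked and routed back to Squid: a loop).
# Assumptions (placeholders, not from the original post): SQUID_IP is a
# TEST-NET-1 address, LAN_IF is eth0, the mark is 8 and the table is 2.

SQUID_IP="${SQUID_IP:-192.0.2.10}"       # assumed address of the Squid box
LAN_IF="${LAN_IF:-eth0}"                 # interface facing the Squid box
FWMARK="${FWMARK:-8}"
TABLE="${TABLE:-2}"
INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Policy routing on the GW/NAT box. Order matters: the ACCEPT for traffic
# sourced from the Squid box ends mangle PREROUTING processing for that packet
# so it is never marked; every other port-80 packet gets FWMARK, and TABLE's
# default route sends it to the Squid box instead of the normal gateway.
nat_box_rules() {
  run iptables -t mangle -A PREROUTING -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
  run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark "$FWMARK"
  run ip rule add fwmark "$FWMARK" table "$TABLE"
  run ip route add default via "$SQUID_IP" dev "$LAN_IF" table "$TABLE"
}

# Interception on the Squid box: only port-80 traffic *arriving* on LAN_IF is
# redirected. Squid's own outbound connections traverse OUTPUT, not
# PREROUTING, so they are not redirected back into Squid.
squid_box_rules() {
  run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port "$INTERCEPT_PORT"
}

# Verify rule order on a live NAT box. Reads `iptables -t mangle -S PREROUTING`
# from stdin; exits 0 only if an ACCEPT for SQUID_IP precedes the first MARK
# rule. (iptables -S prints the source as 192.0.2.10/32 and the mark as
# --set-xmark, so only the source and the target are matched.)
check_mark_order() {
  awk -v squid="$SQUID_IP" '
    $0 ~ ("-s " squid "(/32)? ") && /-j ACCEPT/ && !accept { accept = NR }
    /-j MARK/ && !mark { mark = NR }
    END { exit !(accept && mark && accept < mark) }'
}

case "${1:-}" in
  nat)   nat_box_rules ;;    # DRY_RUN=0 sh intercept.sh nat     (on the NAT box)
  squid) squid_box_rules ;;  # DRY_RUN=0 sh intercept.sh squid   (on the Squid box)
  check) check_mark_order ;; # iptables -t mangle -S PREROUTING | sh intercept.sh check
  *)     ;;
esac
```

Run it first with the default DRY_RUN=1 on each box to review the exact commands, then with DRY_RUN=0 to apply them; the `check` mode can be run afterwards (or from a cron job) to confirm nobody has inserted a MARK rule ahead of the Squid exemption.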