Posted by: Administrator on September 02, 2004 05:19 AM
Nice article. To do transparent proxy on a single machine (as discussed here) needs IP_NF_NAT_LOCAL enabled in the kernel. In some distributions this is not enabled by default. It allows rerouting by nat on packets that originated in the box that iptables is being run on. Without this, iptables only operates on packets that are forwarded through the machine (i.e. acting as a router).

The rules I added to the shorewall start file were:

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner squid -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3182 -m owner ! --uid-owner squid -j REDIRECT --to-ports 8080
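The check and the rules from the comment above as a runnable script, added here and not part of the original post: it verifies the kernel option the poster mentions before emitting the same REDIRECT rules, and the config file locations and the sample config are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: generate the REDIRECT rules the
# comment describes, after checking that the kernel can NAT locally generated
# packets (the IP_NF_NAT_LOCAL option the post says some distros leave off).

# Constructed sample of a kernel .config with the option enabled, so the
# check can be exercised without root, iptables or a real kernel config.
SAMPLE_CFG='CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_LOCAL=y'

# Return 0 if the supplied kernel config text enables NAT of local packets.
local_nat_enabled() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_IP_NF_NAT_LOCAL=(y|m)$'
}

# Print one rule per port: TCP connections to that port which were not opened
# by the proxy's own uid are redirected to the local proxy port. Excluding
# the proxy user is what keeps Squid's upstream fetches from being redirected
# back into Squid in a loop.
redirect_rules() {
    proxy_user="$1"; proxy_port="$2"; shift 2
    for dport in "$@"; do
        printf 'iptables -t nat -A OUTPUT -p tcp --dport %s -m owner ! --uid-owner %s -j REDIRECT --to-ports %s\n' \
            "$dport" "$proxy_user" "$proxy_port"
    done
}

# Real use (needs root): read the running kernel's config, verify the option,
# then apply the rules. Config locations are an assumption about the distro.
main() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    elif [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz)
    else
        echo "kernel config not found; cannot verify IP_NF_NAT_LOCAL" >&2; return 1
    fi
    if ! local_nat_enabled "$cfg"; then
        echo "IP_NF_NAT_LOCAL not enabled: nat OUTPUT will not see local packets" >&2; return 1
    fi
    redirect_rules squid 8080 80 3182 | sh
}

# Set APPLY=1 to apply on a real box; otherwise just show what would be run.
if [ "${APPLY:-0}" = 1 ]; then
    main
elif local_nat_enabled "$SAMPLE_CFG"; then
    redirect_rules squid 8080 80 3182
fi
```

The option name belongs to the 2.4 kernel series; later kernels dropped it because NAT of locally generated packets is always built in, so the config check only means something on a 2.4 kernel.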