I have a router box set up with eth0 as WAN and eth1 as LAN, and a basic firewall set up like so:
[code]#!/bin/bash
# Flush all current rules from iptables
iptables -F
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Set access for localhost
iptables -A INPUT -i lo -j ACCEPT
# SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# Pings
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW -j ACCEPT
# DHCP
iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
# Squid Proxy
iptables -A INPUT -p tcp --dport 3128 -m state --state NEW -j ACCEPT
# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save settings
service iptables save[/code]
Squid is set up to work transparently. I can browse the web by putting the proxy setting in the browser, but not without. The rule I added to the above was:
[code]iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128[/code]
... but it doesn't seem to work.
I'm also stuck getting HTTPS browsing to work. I've tried various rule examples that I found by searching, but none of them seem to work; the result is an instant "Firefox can't find the server at https://...".
Thanks for your help.
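An added example, not the poster's script: the pieces a transparent Squid setup on an eth0=WAN / eth1=LAN router needs beyond the posted INPUT-only rules (forwarding, NAT for non-HTTP traffic, a LAN-only redirect and a LAN-only Squid rule). Interface names and the 3128 port are taken from the post; DRY_RUN and the function name are this example's own.

```shell
#!/bin/sh
# Added example: rules for transparent Squid on a two-interface router.
# DRY_RUN=1 prints the commands instead of applying them (no root needed).
WAN=eth0
LAN=eth1
SQUID_PORT=3128

transparent_proxy_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then run=echo; else run=""; fi

    # The posted script's "iptables -F" only flushes the filter table;
    # stale nat rules survive it, so flush nat explicitly.
    $run iptables -t nat -F

    # A FORWARD policy of DROP with no FORWARD rules passes nothing between
    # eth1 and eth0. Enable routing and open LAN->WAN plus return traffic.
    $run sysctl -w net.ipv4.ip_forward=1
    $run iptables -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW -j ACCEPT
    $run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Source NAT for everything the proxy does not handle (DNS, HTTPS, ...);
    # without this, LAN clients never get answers from the Internet.
    $run iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    # Only plain HTTP from the LAN side is redirected to Squid. Port 443 is
    # deliberately left alone: redirecting TLS to a plain http_port does not
    # work, so HTTPS here goes out through the MASQUERADE rule above.
    $run iptables -t nat -A PREROUTING -i "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # Squid must accept the redirected connections, but only from the LAN;
    # an unqualified "--dport 3128 ACCEPT" exposes an open proxy to the WAN.
    $run iptables -A INPUT -i "$LAN" -p tcp --dport "$SQUID_PORT" \
        -m state --state NEW -j ACCEPT
}

# Apply only when asked for explicitly; "DRY_RUN=1 sh rules.sh" prints them.
if [ "${1:-}" = "apply" ] || [ "${DRY_RUN:-0}" = 1 ]; then
    transparent_proxy_rules
fi
```

Squid's http_port must carry the intercept (older builds: transparent) option for the redirected connections to be understood; the rules above do nothing for HTTPS beyond routing it normally.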
iptables newbie: help with transparent proxy, ssl
Can you post the Squid configuration, please?