<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Transparent Proxy with Linux and Squid mini-HOWTO: Setting up iptables (Netfilter)</TITLE>
<LINK HREF="TransparentProxy-6.html" REL=next>
<LINK HREF="TransparentProxy-4.html" REL=previous>
<LINK HREF="TransparentProxy.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="TransparentProxy-6.html">Next</A>
<A HREF="TransparentProxy-4.html">Previous</A>
<A HREF="TransparentProxy.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5. Setting up iptables (Netfilter)</A></H2>
<P>iptables is a new thing for Linux kernel 2.4 that replaces ipchains.
If your distribution came with a 2.4 kernel, it probably has iptables
already installed. If not, you'll have to download it (and possibly
compile it). The homepage is
<A HREF="http://netfilter.samba.org/">netfilter.samba.org</A>.
You may be able to find binary RPMs elsewhere; I haven't looked. For the
curious, there is plenty of documentation on the netfilter site.
<P>To set up the rules, you will need to know two things: the interface that
the to-be-proxied requests are coming in on (I'll use eth0 as an example)
and the port squid is running on (I'll use the default of 3128 as an example).
<P>Now, the magic words for transparent proxying:
<P>
<UL>
<LI>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128</LI>
</UL>
<P>You will want to add the above command to your appropriate bootup script
under /etc/rc.d/. Readers upgrading from 2.2 kernels should note that
this is the only command needed. 2.2 kernels required two extra commands
in order to prevent forwarding loops. The infrastructure of netfilter is
much nicer, and only this command is needed.
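<P>An added example, not part of the original HOWTO: a boot-script fragment that installs the same REDIRECT rule only if it is not already present, so re-running the script does not stack duplicate rules. The names PROXY_IF, SQUID_PORT, redirect_rule_spec and install_redirect are assumptions made for this sketch, and it assumes an iptables release that supports the -C (check) option.

```shell
#!/bin/sh
# Added example: idempotent installer for the transparent-proxy rule.
# PROXY_IF and SQUID_PORT are assumed names; set them for your machine.
PROXY_IF="${PROXY_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the rule specification (the part after "-A PREROUTING").
# Fails on an implausible interface name or port, so a typo in the
# configuration cannot turn into stray iptables arguments.
# The interface check is deliberately conservative.
redirect_rule_spec() {
    iface="$1"; port="$2"
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    echo "-i $iface -p tcp --dport 80 -j REDIRECT --to-port $port"
}

# Append the rule only when an identical one is not already in the
# PREROUTING chain of the nat table.
install_redirect() {
    spec=$(redirect_rule_spec "$1" "$2") || return 1
    # $spec is left unquoted on purpose: it must split into arguments.
    if iptables -t nat -C PREROUTING $spec 2>/dev/null; then
        echo "redirect already present"
    else
        iptables -t nat -A PREROUTING $spec
    fi
}

# Act only when called with "start", so the file can also be sourced.
if [ "${1:-}" = "start" ]; then
    install_redirect "$PROXY_IF" "$SQUID_PORT"
fi
```

<P>Run it as root with the argument start; iptables -t nat -L PREROUTING -n should then list a single REDIRECT entry no matter how many times the script has run.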
<HR>
<A HREF="TransparentProxy-6.html">Next</A>
<A HREF="TransparentProxy-4.html">Previous</A>
<A HREF="TransparentProxy.html#toc5">Contents</A>
</BODY>
</HTML>