# Transparent Squid / Iptables trouble

## StarF

Hi

I am trying to set up a transparent proxy. The squid part is working fine, however I seem to have some trouble with my iptables rules. This is what I have done.

eth0 - management

eth1 - eth3 is made into a bridge br0

I then add these rules to take the traffic from the br0 and throw it through the squid:

```
bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
        --ip-destination-port 80 -j redirect --redirect-target ACCEPT
bash# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
        -j REDIRECT --to-port 8090
```

Then I do an iptables --list

and I only get this:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
fedtmule@squid-adm-01:~$
```

same with ebtables

```
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

fedtmule@squid-adm-01:~$
```

From this guide:

http://freshmeat.net/articles/configuring-a-transparent-proxywebcache-in-a-bridge-using-squid-and-ebtables

Also, it's working as a bridge just fine. I am unsure if it's something in my proxy setup that can be the issue, or if it's the ip/ebtables stuff?

The guide says something about these commands, which I need to add to the squid config. If I do that I am getting errors on them?

```
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
```

Does anyone know what I am doing wrong?

----------

## massimo

First of all, do you just need a transparent proxy or do you really need the whole bridging scenario too? In any case you have to fix your Squid configuration since the lines from above will not work with recent releases of Squid.

----------

## StarF

I kinda need both. My bridge is working, I just have an issue with how I am supposed to redirect traffic through the squid.

As I said, the squid is working fine if I use it directly. I am having trouble figuring out what to do to make it transparent, or if it already is.

----------

## massimo

Which version of Squid is installed on your system?

----------

## StarF

It's version 2.7

----------

## massimo

Squid listens on port 8090?

----------

## StarF

Yes, and if I set it manually in a browser it works fine.

It looks like either the data isn't transferred into the squid, or squid is not allowing for transparent mode.

----------

## massimo

[EDITED]

What about squid's log files - any hints you can see there? Where is your client located, or rather, where is it connecting from?

----------

## StarF

Nothing in it when using the bridge. So from that point it looks like it isn't getting any traffic in. I guess it should still show something, even if it wasn't allowed?

The client is connecting from the same network as the squid.

One more thing, it just strikes me.

I got havp running in front of squid to scan files for viruses. This is working fine when I am browsing the net through the proxy. But after I set up the bridge I am just getting an error; also from the machine I can't ping outside, unless I restart (and remove the bridge). It's like it can't find its way out.

----------

## massimo

I'm not sure right now but try and add each and every interface with the command you used for br0:

```
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
        -j REDIRECT --to-port 8090

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
        -j REDIRECT --to-port 8090

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
        -j REDIRECT --to-port 8090

iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 \
        -j REDIRECT --to-port 8090
```

HTH

----------

## StarF

When adding those iptables rules along with the ebtables rule, I can now browse through the br0. But it still doesn't go through the squid. Nothing in the log. Also, on the linux console I can't ping outside, i.e. ping google.com or something like that.

----------

## massimo

You can browse the web (browser connects through br0) but there is nothing in Squid's log files? If you turn off Squid are you still able to browse the web?

For ping you'd have to allow it explicitly (additional iptables rules).

----------

## StarF

Yes, I can still browse even though the squid is turned off.

----------

## massimo

Did you configure a proxy in your browser?

----------

## StarF

No, it's just connected through the bridge...

----------
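
`iptables --list` with no `-t` option prints only the filter table, so a rule added with `-t nat` does not appear in output like the first post's; `iptables -t nat -L` and `ebtables -t broute -L` list the tables the two rules were added to. The following is an added example, not code from the thread: it counts rules per table in an `iptables-save` dump and reports where port 80 on an interface is redirected. The dump is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: what the kernel would hold after
# the thread's single "-t nat ... -i br0 ... REDIRECT --to-port 8090" rule.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8090
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# rules_in_table TABLE (hypothetical helper): count "-A" rules inside one
# "*TABLE ... COMMIT" section of an iptables-save dump read from stdin.
rules_in_table() {
    awk -v want="$1" '
        /^\*/  { table = substr($0, 2) }
        /^-A / { if (table == want) n++ }
        END    { print n + 0 }
    '
}

# redirect_port IFACE (hypothetical helper): print the port that nat/PREROUTING
# redirects TCP/80 arriving on IFACE to; print nothing if no such rule exists.
redirect_port() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A PREROUTING / && / -j REDIRECT / {
            in_if = ""; dport = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i")         in_if = $(i + 1)
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to    = $(i + 1)
            }
            if (in_if == ifc && dport == "80") print to
        }
    '
}

# Stand-alone demo on the constructed dump; on a live box, pipe in the output
# of "iptables-save" (run as root) instead of the sample.
printf 'filter rules: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | rules_in_table filter)"
printf 'nat rules:    %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | rules_in_table nat)"
printf 'br0:80 -> %s\n'     "$(printf '%s\n' "$SAMPLE_DUMP" | redirect_port br0)"
```

An empty filter table together with a populated nat table is the expected state after the first post's commands.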

