Transparent proxy single machine question

All of lore.kernel.org
 help / color / mirror / Atom feed

From: ken scott <kscott9@triad.rr.com>
To: netfilter@lists.netfilter.org
Subject: Transparent proxy single machine question
Date: Sat, 26 Jun 2004 17:24:44 -0400	[thread overview]
Message-ID: <40DDE99C.7060001@triad.rr.com> (raw)

I am trying to build a single machine that  performs web filtering
(using DansGuardian)  for several users.
The box (Morphix/Debian system) will be behind a cable router and has
five users (kids).
I have running Dansguardian and Squid correctly in normal proxy mode.
The next step is to make the proxy transparent
so that users cannot bypass the Danguardian/squid path simply by telling
their browser to connect directly.
I have looked around and see instructions on this at several places
(mostly for non-single machine implementations)
and know I need a line something like like:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8181

       where 8181 is where Dansguardian is listening.

I also need to configure squid with (I think) :

http_port 3128     # where squid is listening
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy  on
httpd_accel_uses_host_header on
httpd_accel_single_host off

The question is, on a single machine, will this work?
The part I can't figure out pertains to when squid finally wants to send 
out the actual
request to the internet, isn't that a port 80 request that the above 
iptables rule will
redirect back to Dansguardian??
Please reply all as I am not quite sure than I have joined the list 
correctly.
Thanks in advance
Ken S.

next             reply	other threads:[~2004-06-26 21:24 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-06-26 21:24 ken scott [this message]
2004-06-26 21:51 ` Transparent proxy single machine question Dimitar Katerinski
2004-06-26 22:09   ` ken scott
2004-06-26 22:42     ` Dimitar Katerinski
2004-06-27  0:52       ` ken scott
2004-06-27  1:16         ` Dimitar Katerinski
  -- strict thread matches above, loose matches on Subject: below --
2004-06-26 21:14 ken scott

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40DDE99C.7060001@triad.rr.com \
    --to=kscott9@triad.rr.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.