Ryan Wagoner wrote:
> I have m0n0wall set up between my DSL modem and home network. Its IP
> is 10.10.1.1. I have a Fedora squid server running at 10.10.1.6. What
> I want to do is set up a rule so that any outbound traffic on port 80
> not coming from squid 10.10.1.6 gets redirected to squid. That way I
> can have a transparent proxy for port 80. How do I go about doing
> this? I know I need the rule on the LAN side, but can the rules page
> redirect traffic?? I thought this was only possible from NAT. I just
> don't want to put in some random rules and upset the network.

Hi Ryan

What I did was to make the Squid box do IP forwarding
"echo 1 > /proc/sys/net/ipv4/ip_forward"
and set the clients' default gateway to it. On the m0n0wall, create a
rule allowing only this machine out on TCP/80 (HTTP).

If your m0n0wall is doing DHCP, manually add this into the config file
in the DHCP section:

    <gateway>10.10.1.6</gateway>

Not too elegant but it works ;)

--
Marko