Closed b2cbd closed 4 years ago
Has anyone implemented a Squid transparent HTTP proxy with coova-chilli? I couldn't make it work yet. There is no error in the Squid log.
In squid-3.4.8 we have to specify a forward port along with the intercept port; /etc/squid3/squid.conf
```
http_port 3128            # Forward Proxy port for client
http_port 3127 intercept  # Intercept port for Http
```
Enabled both ports in /etc/chilli/config
```
HS_TCP_PORTS="80 443 22 2812 53 3990 3127 3128"
```
Enabled IP Forwarding
```
cat /proc/sys/net/ipv4/ip_forward #1
```
/etc/chilli/ipup.sh
```
ipt -I PREROUTING -t nat -i $TUNTAP -p tcp -s $NET/$MASK ! -d $ADDR --dport 80 -j REDIRECT --to 3127
ipt -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
ipt -I PREROUTING -t mangle -p tcp -s $NET/$MASK -d $ADDR --dport 3127 -j DROP
```
So my final iptables rules will look like this:
```
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -s 10.1.0.0/24 ! -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth0 -j MASQUERADE
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -s 10.1.0.0/24 -d 10.1.0.1/32 -p tcp -m tcp --dport 3127 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
*filter
:INPUT ACCEPT [238:21186]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [200:22587]
-A INPUT -i eth1 -j DROP
-A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3127 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP
```
netstat -plant
```
tcp6 0 0 :::3127 :::* LISTEN 1783/(squid-1)
tcp6 0 0 :::3128 :::* LISTEN 1783/(squid-1)
```
Can you please tell me what's wrong here?
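
An added example, not part of the original post and not code from coova-chilli or Squid: a small consistency check over `iptables-save` text for the two netfilter facts this setup relies on. A redirected packet is delivered locally, so it must be accepted by filter `INPUT` on the `--to-ports` value, and the mangle `PREROUTING` DROP (which runs before nat and so only sees clients that address the intercept port directly) should exist for that same port. `SAMPLE` is a constructed, trimmed copy of the rules quoted above; `parse`, `input_verdict` and `check_intercept` are hypothetical names, and the first-match logic ignores `-s`/`-d`, negation and port ranges.

```python
import shlex

# Constructed sample: a trimmed copy of the rules quoted in the post above.
SAMPLE = """\
*nat
-A PREROUTING -s 10.1.0.0/24 ! -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth0 -j MASQUERADE
*mangle
-A PREROUTING -s 10.1.0.0/24 -d 10.1.0.1/32 -p tcp -m tcp --dport 3127 -j DROP
*filter
-A INPUT -i eth1 -j DROP
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3127 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
"""

def parse(text):
    """Return [(table, chain, {option: first value})] from iptables-save text."""
    rules, table = [], None
    for line in text.splitlines():
        tok = shlex.split(line.strip())
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]
        elif tok and tok[0] == "-A":
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                    if t.startswith("-") and not tok[i + 1].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def input_verdict(rules, iface, port):
    """Target of the first filter/INPUT rule matching TCP to port on iface."""
    for table, chain, o in rules:
        if (table, chain) != ("filter", "INPUT"):
            continue
        if o.get("-i", iface) != iface or o.get("-p", "tcp") != "tcp":
            continue
        if o.get("--dport", port) == port:
            return o.get("-j")
    return "POLICY"  # no rule matched; the chain policy decides

def check_intercept(text):
    """One finding per nat REDIRECT rule: INPUT verdict and direct-access guard."""
    rules, report = parse(text), []
    for table, chain, o in rules:
        if table == "nat" and o.get("-j") == "REDIRECT":
            port, iface = o.get("--to-ports"), o.get("-i")
            guarded = any(t == "mangle" and c == "PREROUTING" and r.get("-j") == "DROP"
                          and r.get("--dport") == port for t, c, r in rules)
            report.append({"port": port, "iface": iface,
                           "input": input_verdict(rules, iface, port),
                           "direct_access_dropped": guarded})
    return report
```
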