I am running RedHat Linux 7.0 with kernel version 2.4.2. This linux box has 2 interfaces.
The external (public) interface [eth1] has an IP of 220.127.116.11 and the internal interface [eth0]
(private) has an IP address of 172.16.1.254. I am running iptables (aka netfilter) on this
box so that other clients (microsoft Windows 98/NT/2k) on the private network can
access the Internet. Everything is working smoothly and I am quite happy with it.
Now I would like to implement squid (aka proxy server) on another linux box in my private
network (this linux box has an IP address of 172.16.1.253) so that I can improve Internet
access performance for internal clients. After installing and configuring squid, I run the
following command to make sure that squid is running properly:
/usr/local/squid/bin/client -h 172.16.1.253 -p 3128 http://www.washingtonpost.com
I look at the /usr/local/squid/logs/access.log file and see that squid if functioning properly.
To make sure that squid is also functioning properly, I configure the Netscape browser
on one of the clients (IP 172.16.1.100) to point to the squid server (in netscape,
edit, Preferences, Advanced, proxies and specify the IP address and the port 3128).
In summary, squid works.
Now, what I would like to accomplish is to configure squid server to run in transparent
caching mode. I do NOT want to go to every-clients and reconfigure the browser to point
to the squid server. Because I am running ipmasquarade (NAT) on the main linux box, so
I put the following lines in the rc.firewall script:
#Accept port 3128 for squid
$IPT -A INPUT -p tcp --destination-port 3128 -j ACCEPT
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 172.16.1.253:3128
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to 172.16.1.253:3128
$IPT -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.1.253:3128
what this accomplished is to redirect any traffic (80 or 443) that hits the internal interface of
linux box (ip 172.16.1.254) to the squid server and see if the information is already in the
cache. Only go to the Internet if necessary.
Well, it does NOT work. Because I am not a linux expert, I am stuck at this point. I don't know
how to prceed from here. If anyone in the group has done this or something similar to this, please
show me how.
Sorry for a very long mumbo-jumbo question.