[ale] Transparent Proxy - Almost There

[BruceG]

On Monday 03 May 2004 09:50, James P. Kinney III wrote:
> On Mon, 2004-05-03 at 09:12, BruceG wrote:
> > You are supposed to be able to add the script to cron for weekly diffs
> > and monthly full updates. I haven't got that far yet. I think I'll let
> > this run for a week or so, then consider adding a second nic to the
> > server and making it a transparent proxy.  That seems like a steep
> > learning curve, so I'll give it a little more thought.
>
> It's not as hard as you think! Just make the the squid box the gateway
> and run the following iptables command:
>
> iptables -t nat -I PREROUTING -p tcp -i <ethx for internal connection>
> --dport 80 -j REDIRECT --to-port <ip address of gateway>:<port that
> squid listens on>
>
> This requires no changes on any web browser that uses that gateway
> machine, i.e., transparent.

James - thanks for the info above. Could you clarify please?
I have a Linksys BEFSX41 router with 192.168.1.0 subnet on it's LAN port. My 
office laptop is on that subnet (don't want to go through the proxy, it 
caused problems with PC firewall and VPN software). So - 192.168.1.0 is my 
non-filtered subnet.

I set up a VLAN on my switch for proxied devices. My proxy server has 2 nics. 
Eth0 (192.168.1.25) on the 192.168.1.0 subnet. Eth1 (192.168.2.1) on the 
192.168.2.0 subnet. I am not doing NAT on the proxy as I am doing NAT on the 
Linksys. My wireless WAP54G and WET11 bridge, desktop and kids laptop are on 
the 192.168.2.0 subnet.

Routing is working. All packets from the 192.168.2.0 subnet are hitting my 
proxy server on eth1 and routing out through eth0, then on to the Linksys. 
DHCP is working, and I'm just pointing to the Linksys for DNS. Manual 
proxying is fine (specifying the proxy server and port in Mozilla).

Now - to force packets through the proxy, would I do:
iptables -t -l PREROUTING -p tcp -i eth0 -dport 80 -j REDIRECT --to-port 
192.168.1.25:3128

Is that the last step?