I am using PRIVOXY as a transparent proxy on a Fedora Core 11 box. The machine has one interface (eth0) and here is the configuration of the network:
10.0.1.1 - router.foobar.com (connected to ISP)
10.0.1.2 - proxy.foobar.com (proxy)
10.0.1.199 - DHCP server
I have set the default gateway option in DHCP to be 10.0.1.2 so ALL TRAFFIC destined for 0.0.0.0/0 SHOULD pass through it (and 10.0.1.1) on its way out to the internet.
Here is my problem.... How do I ensure that traffic that is coming in/out of the network follows the correct path and does not create weird routing issues? I see some delays when using the proxy, but when I do a "straight shot" out to the net by changing my default gateway, I see no delays.
Here is my current iptables conf file:
# Generated by iptables-save v1.4.3.1 on Fri Jul 30 17:02:45 2010
*nat
:PREROUTING ACCEPT [1565:151406]
:POSTROUTING ACCEPT [1467:94514]
:OUTPUT ACCEPT [768:48101]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Fri Jul 30 17:02:45 2010
# Generated by iptables-save v1.4.3.1 on Fri Jul 30 17:02:45 2010
*filter
:INPUT ACCEPT [12764:10577001]
:FORWARD ACCEPT [3755:525228]
:OUTPUT ACCEPT [14364:12738086]
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
I know that I am missing something, I just don't know what... I think that I need to do something like:
-A POSTROUTING -o eth0 -d 10.0.1.0/24 -j SNAT --to-source 10.0.1.1
The default gateway on 10.0.0.2 has to be 10.0.0.1,
/proc/sys/net/ipv4/ip_forward
must be 1 and not 0. Also remember that privoxy is a proxy and it can add some delay.
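An added example (not code from either poster) that puts the two points together: a ruleset for the proxy box that redirects port 80 only from LAN clients and only for non-LAN destinations, an INPUT rule that limits port 8080 to the LAN, and a check that ip_forward is really 1. Addresses and the interface are taken from the question; the Privoxy option name in the comment is from Privoxy's own config file.

```shell
#!/bin/sh
# Added example: transparent Privoxy rules for proxy.foobar.com (10.0.1.2).
# Privoxy itself must also have "accept-intercepted-requests 1" in its config.
LAN=10.0.1.0/24
PROXY_PORT=8080
IFACE=eth0

# Return 0 if the file at $1 holds "1" (forwarding on), 1 otherwise.
# The path is a parameter so the check can be run against any file.
ip_forward_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Print an iptables-restore file on stdout.
# - REDIRECT only LAN sources going to non-LAN web servers, so LAN-to-LAN
#   HTTP is not hairpinned through the proxy.
# - Port 8080 is reachable from the LAN only; everything else is dropped.
ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $IFACE -s $LAN ! -d $LAN -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $IFACE -s $LAN -p tcp --dport $PROXY_PORT -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport $PROXY_PORT -j DROP
COMMIT
EOF
}

# Usage on the proxy box, as root:  sh proxy-rules.sh apply
if [ "$1" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    ruleset | iptables-restore
    ip_forward_enabled /proc/sys/net/ipv4/ip_forward \
        || { echo "ip_forward is still 0" >&2; exit 1; }
fi
```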