Home / server / Questions / 280996
In Process
Eamorr
Asked: 2011-06-17 01:45:23 +0800 CST

iptables - forward from port 80 to Squid on port 3128 problem

  • 772

I have two boxes: 172.16.1.224 and 172.16.1.223.

Both are running Squid. I connect my browser to x.x.x.224, port 3128 using Firefox proxy settings. That works fine. If I connect my browser to x.x.x.223:3128 using Firefox proxy settings, it works fine.

Now, I'm trying to bridge the two boxes, such that when I connect o x.x.x.224:3124 using Firefox proxy settings, traffic gets routed to x.x.x.223 and then on to the web.

Any ideas on how I might do this? I'm struggling with iptables.

Many thanks in advance,

squid iptables

2 Answers

  1. That should do it:

    iptables -t nat -A PREROUTING -p tcp -d x.x.x.224 --dport 3124 -j DNAT --to-destination x.x.x.223:3128

    Furthermore if you don't already have another masquerading rule, you need

    iptables -t nat -A POSTROUTING -p tcp -d x.x.x.223 --dport 3128 -j SNAT --to-source x.x.x.224

    If you do this, you don't need to have squid running on .224, only on .223. But why can't you let clients connect to .223 directly ?

    • 1

  2. Given the network configuration you're trying to reproduce (high latency satellite link between the "real" .223 and .224 servers) I'd recommend against iptables.

    Instead I would just link the two proxy servers - following the FAQ, you basically have to configure the remote server as a cache peer so all requests are forwarded to it.

    This way you isolate the client better from the connection (TCP) latency and can easily cache content on the "right" side of the high latency connection.

    • 1