I. Iptables for Nat
WAN = eth0 has an Internet IP address xx. xx
LAN = eth1 has an intranet IP address yy. yy/255.255.0.0 step #8. Use IP Tables to configure Nat
# Delete and refresh default tables, such as "filter", and other tables such as "Nat", which must be clearly marked:
Iptables-flush # refresh all filtering rules and Nat tables.
Iptables-Table nat-flush
Iptables-delete-chain # delete all non-default rule chains and Nat tables
Iptables-Table nat-delete-chain # create IP Forwarding and disguise
Iptables-Table nat-append postrouting-out-interface eth0-J Masquerade
Iptables-append forward-in-interface eth1-J accept 2. Iptables + squid transparent proxy modprobe ip_tables
Modprobe iptable_nat
Modprobe iptable_filter
Modprobe ip_conntrack_ftp
Modprobe ip_nat_ftp
Add necessary modules of iptables for calling. Echo 1>/proc/sys/NET/IPv4/ip_forward
Enable the "forwarding" function. Enables data packets to flow between different NICs ". Iptables-T Nat-A postrouting-s 192.168.100.0/24-O eth2-j snat -- To a. B .c.d
Iptables-T Nat-A postrouting-s 192.168.168.0/24-O eth2-j snat -- To a. B .c.d
Iptables-T Nat-A prerouting-s 192.168.100.0/24-I eth0-P TCP -- dport 80-J redirect -- to-port 3128
Iptables-T Nat-A prerouting-s 192.168.168.0/24-I eth1-P TCP -- dport 80-J redirect -- to-port 3128
The above four statements are important and the key to transparent proxy. The first two sentences are used to convert the source address, that is, to convert the Intranet address to the Internet address. After executing these two statements, the Intranet machine can access the Internet even if there is no squid.
The following two sentences are "port redirection" for the TCP protocol entry from two Intranet NICs and the destination port number is 80 ". Redirect to port 3128. In this way, squid can receive this packet.
OK! If your squid is correct and you have executed the preceding statement, no error is reported. Congratulations! A transparent proxy with iptables + squid is created. If you do not believe this, you can test the following two methods: first, log on:
Http://ipid.shat.netThis is a foreign website that displays your Internet IP address and whether your website has been proxy. The second is to download an object from an intranet machine or view a webpage with many and slow images, then go to another Intranet machine to download the same file or view the image webpage. Ratio
A little faster, you can feel it.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
