# TRANSPARENT WEB-CACHING USING NETFILTER, IPROUTE2 AND SQUID.

--IMPLEMENTATION--

### ADDRESSES USED

    10.0.0.1 [ netfilter iptables gateway server]
    10.0.0.2 [ ICG Squid server]
    10.0.0.3 [ Main Cisco router]
    10.0.0.4 [ Ldap Server]
    10.0.0.5 [ Ras]

### NETWORK DIAGRAM

                                 INTERNET
                                    |
                         [Cisco router 10.0.0.3]
                                    |
    ------HUB/SWITCH------------------------------------------------------
          |              |                |               |              |
         Etc.        Netfilter           ICG             Ldap           RAS
    [gw=10.0.0.1]    Iptables           Squid           Server     [ip=10.0.0.5]
                     Gateway            Server       [ip=10.0.0.4] [gw=10.0.0.1]
                     Server         [ip=10.0.0.2]    [gw=10.0.0.1]
                  [ip=10.0.0.1]     [gw=10.0.0.3]
                  [gw=10.0.0.3]

### REDIRECT PORT 80 TRAFFIC TO PORT 3128 ON MY SQUID SERVER

    ICG-Squid #-> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

### POLICY ROUTING WITH IPROUTE2 AND IPTABLES ON NETFILTER IPTABLES SERVER

    IPTABLES-NETFILTER #-> iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 2
    IPTABLES-NETFILTER #-> echo 202 www.out >> /etc/iproute2/rt_tables
    IPTABLES-NETFILTER #-> ip rule add fwmark 2 table www.out
    IPTABLES-NETFILTER #-> ip route add default via 10.0.0.2 dev eth0 table www.out
    IPTABLES-NETFILTER #-> ip route flush cache

### DISABLE ICMP REDIRECTS

    IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    IPTABLES-NETFILTER #-> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

### SETUP IS COMPLETED. NOW CHECK THE CONFIGURATION

    IPTABLES-NETFILTER #-> iptables -t mangle -L
    IPTABLES-NETFILTER #-> ip rule ls
    IPTABLES-NETFILTER #-> ip route list table www.out
    IPTABLES-NETFILTER #-> ip route ls
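
The check commands above only print state; the script below is an added example (not part of the original page) that cross-checks their output: the fwmark must select a routing table, that table's default route must point at the Squid box, and ICMP redirects must be off. The function names and the sample output are constructed for illustration; the mark, table name and addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Each function takes command
# output as text, so the audit also works on saved output from the gateway.

# Print the table that `ip rule ls` output ($1) selects for fwmark $2.
# ip prints marks in hex (0x2, optionally 0x2/0xff), so normalise first.
rule_table() {
    printf '%s\n' "$1" | awk -v m="$(printf '0x%x' "$2")" '
    { t = ""; hit = 0
      for (i = 1; i < NF; i++) {
          v = $(i + 1); sub(/\/.*/, "", v)
          if ($i == "fwmark" && (v "") == (m "")) hit = 1
          if ($i == "lookup") t = $(i + 1)
      }
      if (hit && t != "") { print t; exit } }'
}

# Print the default next hop from `ip route list table <t>` output ($1).
table_nexthop() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Succeed only if every send_redirects value (one per line in $1) is 0.
redirects_off() {
    [ -n "$1" ] && ! printf '%s\n' "$1" | grep -qv '^0$'
}

# audit MARK PROXY_IP RULES ROUTES REDIRECTS
audit() {
    t=$(rule_table "$3" "$1")
    [ -n "$t" ] || { echo "FAIL: no ip rule for fwmark $1"; return 1; }
    hop=$(table_nexthop "$4")
    [ "$hop" = "$2" ] || { echo "FAIL: table $t default via '$hop', want $2"; return 1; }
    redirects_off "$5" || { echo "FAIL: send_redirects still enabled"; return 1; }
    echo "OK: fwmark $1 -> table $t -> $2, ICMP redirects off"
}

# Constructed sample output matching the setup on this page.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x2 lookup www.out
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 10.0.0.2 dev eth0'
SAMPLE_REDIRECTS='0
0
0'

audit 2 10.0.0.2 "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_REDIRECTS"
```

On the gateway itself, pass live output instead of the samples: `"$(ip rule ls)"`, `"$(ip route list table www.out)"`, and the result of `cat` on the three `send_redirects` files.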