
5. Setting up ipchains

ipchains should be installed with almost every recent distribution (anything based on kernel 2.2). However, should you not have ipchains, you can get it from ftp://ftp.rustcorp.com/ipchains/. ipchains is a very powerful tool, and we'll only scratch the surface here. For more information, please see http://www.rustcorp.com/linux/ipchains/HOWTO.html for the ipchains HOWTO.

To set up the rules, you will need to know two things: the IP address of the box (I'll use 192.168.1.1 as an example) and the port squid is running on (I'll use the default of 3128 as an example).

First, we need to allow packets destined for any actual webserver on this box through. We should set up both the loopback interface and the ethernet interface. You should not skip this step even if you have no actual webserver on your box, as the absence of these rules can create infinite forwarding loops where the proxy tries to connect to itself. Use the following commands:

Now, the magic words for transparent proxying:

You will want to add the above commands to the appropriate bootup script under /etc/rc.d/.
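
The rules described in this section, as an added example (not the HOWTO's own listing): a shell script that validates the box address and squid port, then prints the ipchains commands in the order they must be loaded. It uses the example values 192.168.1.1 and 3128 from above; the function names are hypothetical and port 80 is assumed as the web port.

```shell
#!/bin/sh
# Added example: prints the ipchains rules for transparent proxying.
# It only prints; review the output, then run it as root on a 2.2 kernel
# or paste it into a boot script.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rules BOX_IP SQUID_PORT: print the rules, ACCEPT before REDIRECT.
emit_rules() {
    box_ip=$1; squid_port=$2
    valid_ipv4 "$box_ip" || { echo "bad IP address: $box_ip" >&2; return 1; }
    valid_port "$squid_port" || { echo "bad port: $squid_port" >&2; return 1; }
    # ipchains stops at the first matching rule, so packets addressed to this
    # box's own port 80 (loopback and ethernet) must be accepted before the
    # catch-all redirect; otherwise the proxy can end up connecting to itself.
    for local_addr in 127.0.0.1 "$box_ip"; do
        echo "ipchains -A input -p tcp -d $local_addr/32 80 -j ACCEPT"
    done
    # Everything else bound for port 80 is handed to squid's port.
    echo "ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT $squid_port"
}

# Defaults are the example values used in this section.
emit_rules "${1:-192.168.1.1}" "${2:-3128}"
```

Because the script refuses malformed addresses and ports, a typo cannot silently produce a redirect rule without its matching ACCEPT rules.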

