Transparent Proxy with Squid / iptables

If I understand you correctly, what you want to do isn't going to be handled simply by configuring iptables. The REDIRECT target can only be used to target processes running on the local system. I believe attempting to use a DNAT target to forward to the remote squid box would remove some of the information the remote squid box needs to properly handle the request.

If you allow me to guess a bit, I think you are trying to leave the default gateway as 192.168.1.1 on your host and then send your port 80 traffic across the VPN, right?

The remote squid needs some configuration so that it can actually act as a transparent proxy. If you can set up the correct iptables redirection on the squid host, and the remote host is in the network path, then it is possible to use some advanced routing to forward all port 80 requests across the VPN.

P.S. If I am understanding your needs correctly, add a comment and I can update my answer with more details about how to set up routing.


Go to foo and do this:

    telnet 10.8.0.1 3128

Does it work? In that case your VPN works!

Can you do a

    GET / HTTP/1.1
    Host: www.heise.de

Will it show a page? Then squid is configured to work as a transparent proxy!

In that case the simple rules from your link should work:

    # On foo. local-network = your LAN in CIDR form, iptables-box = foo's address on the path to 10.8.0.1.
    # Rewrite the destination of port-80 traffic arriving from the LAN on eth0 to the remote squid:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:3128
    # Source-NAT that traffic to foo so squid's replies return through foo and get un-NATed.
    # The -o interface must be the one foo uses to reach 10.8.0.1 (the VPN interface, if that is not eth0):
    iptables -t nat -A POSTROUTING -o eth0 -s local-network -d 10.8.0.1 -p tcp --dport 3128 -j SNAT --to-source iptables-box

(foo is the iptables-box you are working on)

Does this work?
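The two checks and the two rules above, collected into one script as an added example (this is not code from either answer). Interface names, the LAN CIDR and foo's VPN address are assumptions and can be overridden through the environment; the FORWARD rules and the ip_forward sysctl are added because a DNAT rule alone does nothing on a box that does not forward. Two caveats: the squid side must listen in intercept mode (`http_port 3128 intercept` on Squid 3.1 and later, `transparent` on older releases), and because Squid's intercept mode tries to recover the original destination with a local NAT lookup, a DNAT performed on foo rather than on the squid host is exactly the information loss the first answer warns about, so run the `probe` check before trusting the rules.

```bash
#!/bin/sh
# Added example: generate (and optionally apply) the intercept rules on the iptables box.
# All names and addresses below are assumptions, not values from the original page.
LAN_IF="${LAN_IF:-eth0}"              # interface facing the LAN clients
VPN_IF="${VPN_IF:-tun0}"              # interface through which 10.8.0.1 is reached
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # the "local-network" placeholder
BOX_IP="${BOX_IP:-10.8.0.2}"          # this box's address on the VPN ("iptables-box")
SQUID_IP="${SQUID_IP:-10.8.0.1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the commands instead of running them so they can be reviewed first.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j DNAT --to-destination $SQUID_IP:$SQUID_PORT
iptables -t nat -A POSTROUTING -o $VPN_IF -s $LAN_NET -d $SQUID_IP -p tcp --dport $SQUID_PORT -j SNAT --to-source $BOX_IP
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -d $SQUID_IP -p tcp --dport $SQUID_PORT -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $SQUID_IP -p tcp --sport $SQUID_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of iptables commands the generator emits (used for a self-check).
rule_count() { gen_rules | grep -c '^iptables'; }

# Apply the generated commands one by one; refuse to run unprivileged.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply the rules" >&2; return 1; }
    gen_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || return 1
    done
}

# The manual check from the second answer: send a bare GET with a Host header across
# the VPN and show squid's status line (assumes nc is installed).
probe_squid() {
    printf 'GET / HTTP/1.1\r\nHost: www.heise.de\r\nConnection: close\r\n\r\n' \
        | nc -w 5 "$SQUID_IP" "$SQUID_PORT" | head -n 1
}

case "${1:-}" in
    apply) apply_rules ;;
    probe) probe_squid ;;
    *)     gen_rules ;;
esac
```

Run it with no argument to see the rules, with `probe` to repeat the telnet/GET test non-interactively, and with `apply` as root to install them. Clearing the rules again is `iptables -t nat -F` and `iptables -F FORWARD` if nothing else lives in those chains.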