Linux / UNIX Tech Support Forum
This is a discussion on Iptables and nat within the Networking, Firewalls and Security forums, part of the Mastering Servers category.
I have a transparent proxy server setup. If it's http stuff, it sends it to port 3128 for caching. Otherwise it goes on to the gateway. The issue arises in that some of us have access to a different network than others and there is no way to segregate the IPs right now since they all show as coming from the proxy server's IP.
How can I configure iptables to NAT any non-http packets as the originating IP? For example: my personal computer is 192.168.1.100. My IP has access to the 192.168.2.0 network. The proxy server is 192.168.1.2. The gateway is 192.168.1.1. If I attempt to ssh to 192.168.2.10, it gets denied at the gateway because it thinks the proxy is trying to access that network. I need to send the packets from the proxy masqueraded as my computer's IP so that the gateway will allow it. The originating IP is not always the same. We have about 200 machines.
The firewall is already configured to allow ssh. The issue is I need to forward the ssh packets on to the gateway and make it look like they're coming from the original IP, not the proxy's IP. The wrench in the system is that the originating IP can be many different ones. How can I spoof or masquerade as the original IP?
Dear Friend,
for transparent squid, you need to redirect all your internal LAN port 80 traffic onto squid port 3128. It's a very easy way. Another thing: by default, the sshd service is allowed in Linux. So, if you have implemented any "iptables" rule, then remove it or allow your sshd port 22 from inside the LAN. Also, please send me your complete scenario, because you have 2 networks, i.e. 192.168.1.0 & 2.0, so it is a little bit confusing.
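The rule set the reply describes, written out as an added example (it is not from either poster): only port 80 from the LAN is redirected to Squid, and every other packet, ssh included, is forwarded with its original source address left intact, so the gateway can still tell 192.168.1.100 apart from the proxy. The interface name, subnet, proxy address and Squid port are assumptions taken from the thread's own numbers and can be overridden through environment variables. The script prints the rules by default and only applies them with `--apply`; a small check rejects any rule set that still contains a blanket MASQUERADE or SNAT, which is exactly the rule that made every client appear as 192.168.1.2 in the first place.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates iptables rules for a
# transparent Squid box that diverts only HTTP to Squid and routes everything
# else unchanged (no source NAT), so the upstream gateway sees real client IPs.
# Assumed values (constructed from the thread's numbers, override via env):
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_IP="${PROXY_IP:-192.168.1.2}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the rule set as shell commands. Nothing is applied here.
build_rules() {
  cat <<EOF
# Forwarding must be on, otherwise non-HTTP packets die at the proxy.
sysctl -w net.ipv4.ip_forward=1
# Start clean so a stale MASQUERADE/SNAT rule cannot linger in POSTROUTING.
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -F FORWARD
# Only HTTP from the LAN is diverted to Squid; traffic addressed to the proxy
# itself (its own web UI, ssh into the box) is left alone.
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $PROXY_IP -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# Everything else is routed untouched: no MASQUERADE, no SNAT, so the gateway
# receives the client's real address and its per-host policy keeps working.
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Returns 0 when the given rule text contains no source-NAT target. A blanket
# "-j MASQUERADE" is the mistake that hides all 200 machines behind the proxy.
no_source_nat() {
  ! printf '%s\n' "$1" | grep -Eq -- '-j (MASQUERADE|SNAT)'
}

main() {
  rules=$(build_rules)
  if no_source_nat "$rules"; then
    echo "ok: no source NAT, client addresses reach the gateway unchanged" >&2
  else
    echo "refusing: rule set rewrites source addresses" >&2
    return 1
  fi
  case "${1:-}" in
    --apply) printf '%s\n' "$rules" | sh ;;   # run as root on the proxy box
    *)       printf '%s\n' "$rules" ;;        # dry run: just show the rules
  esac
}

main "$@"
```

Because the proxy and the gateway sit on the same subnet, replies from 192.168.2.x come back through 192.168.1.1 straight to the client rather than through the proxy; that is fine for plain routing, and it is the reason the proxy must not SNAT, since a NATed flow would need the reply path to pass back through it. To confirm on a live box, `iptables -t nat -L POSTROUTING -n` should show no MASQUERADE or SNAT entries, and a tcpdump on the gateway for port 22 should show the client's address, not 192.168.1.2, as the source.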