Transparent Squid = Not working (SOLVED)

Hello!
It has been a week since I´m trying to make this work.... But I simple cant make it...
I want to make some windows boxes to navigate throught squid with transparent proxy, I tryied a lot of things and nothing works..

Here´s my Squid.conf
-------------------------
http_port 3128
httpd_accel_host virtual
httpd_accel_port 3128 (tried port 80 too)
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Iptables rule that I´m using
--------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I´ve also tried Transproxy and didn´t work too
------------------------------------------------------
tproxy -s 80 -r nobody 192.168.0.100 3128

The boxes navigates throught ports 80 and 3128, but when I take off proxy configuration from connection tab in IE, it takes a long time to respond and terminates with a 404 error (IE error, not the squid page error).

It appears to me that the proxy and port redirection are working, but the windows boxes can´t use the proxy without the proxy configuration on connection tab in IE

Ps. Sorry for the poor English.. I´m Brazilian

Hope someone can help me! :unsure:

OOPPSSS maybe I´ve posted this in the wrong place... If some moderator thinks it belongs to network topics... just put it there! :wacko: Sorry!

I would recommened you to use the SuSEFirewall for that (you can easily configure it with Yast2). In there you can even specify a proxy server. I guess you can't go without proxy because all port 80 request are always redirected to 3128 - and I'm not sure but I guess IE gets something in return that it doesn't expect then.

Well...

I´ll try SuseFirewall then....

Thanks for the advice!

No problem - it is just that manual routing is possible - but especially with proxy etc. it might get tricky. SuSEfirewall is exactly designed for that - and I used it at home for a long time without the slightest problem

Well... I had a look and noticed that it have done a lot of changes in my iptables configuration....
Can´t get the squid to work, and I think thats not the solution I needed...

In the same linux box I´ve done something very tricky (maybe odd!? )... My Adsl connection doesn´t have fixed ip adress, so the linux box email me every time it change ips or reconnect to Adsl... And I have a job in Crontab that every 5 minutes connect to my ftp and gets a file, so every time I want to send a command to the linux box I just upload the command there. The firewall rules blocks everything coming from ppp0 (even ping!) to protect the lan and server, so to conect to the box (SSH, Webmin, etc) I need to upload one shell script to the ftp to change the firewall rules, so I think that SuseFirewall will be of no use to me...

Maybe if Susefirewall can save and restore various configurations (from file?)

What do you think?

Hmm - no that's not possible AFAIK.
Why don't you just always open SSH? I mean ssh isn't that insecure

Sure SSH its secure...

But to use it I´ll have to open my Outlook, see the server ip, copy into putty etc...

With the ftp conection i just run a send.bat with the old fashion CHOICE from dos
Don´t need to type any command and everything is fine, I have Webmin working and Vnc ports redirect etc....

Kinda lazzy UH!? :lol:

My brother is making a Delphi program to catch the ips from the email, send the commands and call the programs to use. :blink:

Whell thanks anyway!

I´ll still look forward to see if I can redirect the ports to use the proxy and dont need to configure it on the Windows Boxes... <_<
Saw in some place that I need to rebuild the Kernel (hope not! Just dont know how to do it...) pretty newbie!

In linux you will need a kernel with transparent proxying turned on,
transproxyd and ipfwadm. :angry:

Haha - well who isn't lazy?

However - it is for sure possible to do the redirect, and I'm quite sure that you don't have to recompile the kernel. Will try to find something on the net for it...

Long time in the internet looking for this...

Maybe you have a better bookmark than mine... :lol:

Thanks for all the support, hope some day I can help you

Haha - well maybe I can find something - who knows

No problem - that's why this forums are here - if you have any other questions, feel free to ask