
Iptables redirection to main proxy after filter on local proxy


I manage a subnet linked to an Institutional network (IN). Internet access from my subnet is through a proxy with credentials (they are not related to the users of my domain) in the IN. I need to apply several filters that are not implemented by that proxy. For that purpose I use squid on my local network with a non-transparent proxy. The problem is that after filtering with squid, I need to redirect to the IN proxy. I implement an iptables DNAT in PREROUTING and that way my clients are authenticated and navigate correctly. The issue is that when I change the destination address of the packets they don't go through my firewall.

iptables -t nat -A PREROUTING -o eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.2.12.100:3128

I need something like this

iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.2.12.100:3128 

Is it correct when I assume that the normal route of packets in iptables directed to my proxy is ...,INPUT, LOCAL PROCESSES(run squid), OUTPUT,...? Thanks in advance

djdomi
You can set up squid to use another proxy for the next hop, did you consider it?
Edel Rojas
Not really. I didn't know that squid has that functionality. Is it similar to proxychains?
djdomi
Similar, said to keep it simple, yes.
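
The next-hop setup suggested in the comments, as an added squid.conf fragment that is not part of the original thread: squid filters locally and then opens its own connection to the IN proxy, so no DNAT rule is involved. The parent address 10.2.12.100:3128 comes from the question; the listening port, ACL names, file path, client subnet and credentials are assumptions or placeholders.

```conf
# Added example, not from the original thread.
# Assumption: clients are configured to use this squid on port 8080.
http_port 8080

# Local filtering that the IN proxy does not provide.
# Hypothetical ACL name and file path; one domain per line in the file.
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
http_access deny blocked_sites

# Constructed client subnet; replace with the real local range.
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all

# Chain to the IN proxy as a parent (address taken from the question).
#   no-query : the parent is a plain HTTP proxy, do not send ICP queries
#   default  : use this parent as the fallback for every request
#   login=   : credentials squid presents to the parent (placeholders).
#              Use login=PASSTHRU instead to forward the Proxy-Authorization
#              header each client sends, if users hold their own IN accounts.
cache_peer 10.2.12.100 parent 3128 0 no-query default login=IN_USER:IN_PASSWORD

# Never contact origin servers directly; every request that passes the
# filters above must leave through the parent.
never_direct allow all
```

Because `login=` stores the IN credentials in clear text, keep squid.conf readable only by root and the squid service account.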