Need help with network issue - Maybe squid related?

The only downside is setup.
And will it survive an upgrade?
Amazing job Jon

Would a more basic firewall rule work?

Streaming device
NAT
AWS “host group”
Ports “service group”

AWS ipset as host group ?

It is placed in the firewall.local file. So it should survive just fine.

I tried the basic firewall rules in the start but I could not get things to work. I may try again if I get curious…

How did you get or generate the ipset for this?

with these three lines:

The location line creates the set. And the ipset restore is the input for all of the lines. Easy peasy!


EDIT: updated code block

2 Likes

A WUI way to add ASN (locations) could be a nice feature.

1 Like

here ya go!

thoughts? comments?

4 Likes

Fantastic work. I just changed a few words to make a sentence a bit shorter. Feel free to reverse it if you do not like it.

I would add a sentence to explain that IPTables is the main actor of the transparent feature as it passes the traffic to Squid. This way it becomes clearer why the problem is solved through iptables and not ACLs, besides the quote from the Squid documentation.

Please let me repeat what an outstanding job @jon did here.

2 Likes

Feel free to add!

This is the iptables section I am bypassing:

. . .
-A SQUID -d [my_external_IP]/32 -i green0 -p tcp -m tcp --dport 80 -j RETURN
-A SQUID -i green0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A SQUID -d [my_external_IP]/32 -i blue0 -p tcp -m tcp --dport 80 -j RETURN
-A SQUID -i blue0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

It is located at the bottom of the NAT table.

iptables --list-rules --table nat
2 Likes
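Added example (not from the thread): a small Python model of first-match evaluation over the green0 rules quoted above, showing why a destination accepted by an earlier rule never reaches the REDIRECT to Squid. The chain name `EARLY_EXAMPLE`, the set name `bypass_nets`, its contents and the sample addresses are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample values (documentation ranges), not taken from the thread.
EXTERNAL_IP = "203.0.113.10"                   # stands in for [my_external_IP]
IPSETS = {"bypass_nets": ["198.51.100.0/24"]}  # hypothetical ipset and members

# One hypothetical bypass rule in an assumed earlier chain, followed by the
# green0 SQUID rules quoted in the post.
RULES = f"""
-A EARLY_EXAMPLE -i green0 -p tcp -m set --match-set bypass_nets dst -m tcp --dport 80 -j ACCEPT
-A SQUID -d {EXTERNAL_IP}/32 -i green0 -p tcp -m tcp --dport 80 -j RETURN
-A SQUID -i green0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

def parse(line):
    """Turn one iptables-save style line into a dict of its match fields."""
    tok = shlex.split(line)
    rule = {"chain": tok[tok.index("-A") + 1], "target": tok[tok.index("-j") + 1]}
    for flag, key in (("-d", "dst"), ("-i", "iface"), ("--dport", "dport"),
                      ("--match-set", "set"), ("--to-ports", "to")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def matches(rule, iface, dst, dport):
    """A rule matches only if every field it specifies agrees with the packet."""
    ip = ipaddress.ip_address(dst)
    if rule.get("iface", iface) != iface or int(rule.get("dport", dport)) != dport:
        return False
    if "dst" in rule and ip not in ipaddress.ip_network(rule["dst"]):
        return False
    if "set" in rule and not any(ip in ipaddress.ip_network(n) for n in IPSETS[rule["set"]]):
        return False
    return True

def verdict(iface, dst, dport, rules=RULES):
    """First matching rule wins: ACCEPT ends traversal, RETURN leaves the chain."""
    left = set()  # chains already exited via RETURN
    for rule in map(parse, rules.strip().splitlines()):
        if rule["chain"] in left or not matches(rule, iface, dst, dport):
            continue
        if rule["target"] == "RETURN":
            left.add(rule["chain"])
        elif rule["target"] == "REDIRECT":
            return "squid:" + rule["to"]
        elif rule["target"] == "ACCEPT":
            return "direct"
    return "direct"
```

Removing the first rule from `RULES` sends the same destination to `squid:3128`, which is the behaviour the bypass is meant to avoid.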

I do not feel comfortable modifying your text (besides minor editing). You linked this thread to the wiki article, so the information is available. Thanks again for all the work you put into this project and for sharing the result with everyone.

Edit: I edited the page to add a reference to the proxy setup page of the wiki that explains what a transparent proxy is.