Ok so I’m running a transparent proxy on my home network. Everything was well and good until I came home from New York to find my ReplayTV sitting doing nothing because it had no program guide. I couldn’t figure out what was going on until I switched providers on the Channel Guide. Then I got
Unexpected error 93a6000b
After some digging I found this archive post. Basically, transparent proxy and squid don’t play well together.
I would like to keep the transparent proxy and the replay. Here are the current rules for my transparent proxy.
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s 192.168.210.0/24 -d 192.168.210.0/24 -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! 192.168.210.254 -p tcp --dport 80 -j DNAT --to 192.168.210.254:3128
/usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s 192.168.210.0/24 -p tcp -d 192.168.210.254 -j SNAT --to 192.168.210.1
/usr/sbin/iptables -t filter -I FORWARD -s 192.168.210.0/24 -d 192.168.210.254 -i br0 -o br0 -p tcp --dport 3128 -j ACCEPT
I’ll admit I just don’t know that much about iptables. Anyone know an easy way to tell the router to not forward 192.168.210.250 (ip of my replay) on to the squid?
February 20th, 2007 at 1:47 pm
Dude, I emailed this to you in the past… I had to make the same exclusion for my Tivo back in the day. :P
I’m assuming your squid box is 192.168.210.254….
iptables -t nat -I PREROUTING -s ADDRESS-OF-REPLAY -p tcp --dport 80 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -s ! 192.168.210.254 --dport 80 -i br0 -j DNAT --to-destination 192.168.210.254:3128
iptables -t nat -I POSTROUTING -o br0 -d 192.168.210.254 -s 192.168.210.0/24 -j SNAT --to-source 192.168.210.1
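The exemption only works if the ReplayTV's ACCEPT rule sits above the DNAT rule, and `-I` without a rule number inserts at position 1. The following is an added example, not code from the post or the comment: a small model of first-match evaluation in nat PREROUTING, matching on source address only for a port-80 packet bound for the Internet. The `PC` address and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed model of the nat PREROUTING chain, one rule per line:
# "<source-match> <target>", where <source-match> is an address or "!address".
REPLAY=192.168.210.250   # ReplayTV address from the post
SQUID=192.168.210.254    # squid address from the post
PC=192.168.210.20        # constructed ordinary LAN client
NL='
'
CHAIN=""

rule_append() { CHAIN="${CHAIN}${CHAIN:+$NL}$1 $2"; }   # iptables -A: add at the end
rule_insert() { CHAIN="$1 $2${CHAIN:+$NL}${CHAIN}"; }   # iptables -I: add at position 1

# Print the target of the first rule whose source match fits address $1.
verdict_for() {
    result=$(printf '%s\n' "$CHAIN" | while read -r match target; do
        case "$match" in
            '!'*) [ "${match#'!'}" != "$1" ] || continue ;;
            *)    [ "$match" = "$1" ] || continue ;;
        esac
        echo "$target"
        break
    done)
    echo "${result:-POLICY}"   # nothing matched: the chain policy applies
}

# Exemption inserted with -I first, DNAT rule inserted with -I afterwards.
exempt_inserted_first() {
    CHAIN=""
    rule_insert "$REPLAY" ACCEPT
    rule_insert "!$SQUID" DNAT
    verdict_for "$1"
}

# DNAT rule appended with -A (as in the post), exemption inserted with -I afterwards.
exempt_inserted_last() {
    CHAIN=""
    rule_append "!$SQUID" DNAT
    rule_insert "$REPLAY" ACCEPT
    verdict_for "$1"
}

for host in "$REPLAY" "$PC" "$SQUID"; do
    echo "$host: first=$(exempt_inserted_first "$host") last=$(exempt_inserted_last "$host")"
done
```

On the router, `iptables -t nat -L PREROUTING -n --line-numbers` shows the real rule order to compare against.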