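HTTP redirect to remote cache
=============================

Public domain

********************************************************************************
### NAT approach

    #!/bin/bash

    INTIF="eth0"
    EXTIF="eth1"
    LAN="192.168.246.0/24"
    CACHE="192.168.246.2"
    FIREWALL="192.168.246.1"

    # Flush NAT rules
    iptables -t nat -F

    # Main Source NAT
    iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

    # Cache Redirect
    # Leave LAN-to-LAN traffic untouched
    iptables -t nat -A PREROUTING -i "$INTIF" -d "$LAN" -j ACCEPT
    # Redirect port 80 to the cache, except the cache's own requests (avoids a loop).
    # "! -s" replaces the deprecated "-s !" form of the negation.
    iptables -t nat -A PREROUTING -i "$INTIF" ! -s "$CACHE" -p tcp --dport 80 -j DNAT --to-destination "$CACHE:3128"
    # Cache and clients share the LAN, so SNAT forces replies back through the
    # firewall; the cache therefore sees every client as $FIREWALL.
    iptables -t nat -A POSTROUTING -o "$INTIF" -d "$CACHE" -j SNAT --to-source "$FIREWALL"

    # Pejman Moghadam
    # Wed May 6 18:20:24 IRDT 2009

********************************************************************************
### Policy routing approach

    #!/bin/bash

    CACHE="172.16.20.10"
    INTIF="eth1"

    # Packets carrying mark 1000 use routing table 4, whose default route is the cache.
    # They arrive at the cache with their original destination address, so the
    # cache host must itself intercept port 80 traffic.
    ip rule add fwmark 1000 table 4
    ip route add default via "$CACHE" dev "$INTIF" table 4

    iptables -t mangle -F PREROUTING
    # Mark port 80 traffic from everyone except the cache itself
    iptables -t mangle -A PREROUTING -i "$INTIF" ! -s "$CACHE" -p tcp --dport 80 -j MARK --set-mark 1000

********************************************************************************
_BY: Pejman Moghadam_
_TAG: iptables, squid, iproute_
_DATE: 2009-05-27 23:54:11_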
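The NAT approach depends on two details: the DNAT rule must exclude the cache's own source address, and traffic sent to the cache must be SNATed to the firewall. The following check is an added example, not part of the original page: it audits `iptables-save -t nat` output for both. The function name `audit_nat_redirect` is hypothetical, and the two sample rulesets are constructed from the addresses used in the NAT script.

```shell
#!/bin/sh
# Usage: iptables-save -t nat | audit_nat_redirect CACHE_IP CACHE_PORT
# Prints one finding per line; returns 0 only when every check passes.
audit_nat_redirect() {
    awk -v cache="$1" -v port="$2" '
    function is_cache(a) { return a == cache || a == cache "/32" }
    $1 == "-A" {
        dport80 = to_cache = excl = dst_cache = snat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport" && $(i+1) == "80") dport80 = 1
            if ($i == "--to-destination" && $(i+1) == cache ":" port) to_cache = 1
            if ($i == "!" && $(i+1) == "-s" && is_cache($(i+2))) excl = 1
            if ($i == "-d" && $(i-1) != "!" && is_cache($(i+1))) dst_cache = 1
            if ($i == "-j" && $(i+1) == "SNAT") snat = 1
        }
        if ($2 == "PREROUTING" && dport80 && to_cache) {
            redirects++
            # Without the exclusion the cache fetches are redirected to itself.
            if (!excl) { unsafe++; print "LOOP: " $0 }
        }
        if ($2 == "POSTROUTING" && dst_cache && snat) hairpin++
    }
    END {
        if (!redirects) print "MISSING: no port-80 DNAT to " cache ":" port
        if (!hairpin)   print "MISSING: no SNAT for traffic sent to " cache
        exit ((redirects && !unsafe && hairpin) ? 0 : 1)
    }'
}

# Constructed sample: the NAT script above as iptables-save would print it.
GOOD_RULES='*nat
-A PREROUTING -d 192.168.246.0/24 -i eth0 -j ACCEPT
-A PREROUTING ! -s 192.168.246.2/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.246.2:3128
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -d 192.168.246.2/32 -o eth0 -j SNAT --to-source 192.168.246.1
COMMIT'

# Constructed sample: source exclusion and SNAT rule both missing.
BAD_RULES='*nat
-A PREROUTING -d 192.168.246.0/24 -i eth0 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.246.2:3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

printf '%s\n' "$GOOD_RULES" | audit_nat_redirect 192.168.246.2 3128 && echo "good ruleset: ok"
printf '%s\n' "$BAD_RULES" | audit_nat_redirect 192.168.246.2 3128 || echo "bad ruleset: findings above"
```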