If you are trying to setup a transparent proxy on a Linux machine that has been configured as a bridge, you will need to add one additional iptables command to what we had in section 5. Specifically, you need to explicitly allow connections to the machine on port 3128 (or any other port squid is listening on), otherwise the machine will just forward them over to the other interface like a good little bridge. Here’s the magic words:
- iptables -A INPUT -iÂ interfaceÂ -p tcp -dÂ your_bridge_ipÂ -sÂ local-networkÂ --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
ReplacingÂ interfaceÂ with the interface that corresponds toÂ your_bridge_ipÂ (typically eth0 or eth1). First time bridge users should also note that you’ll probably want to repeat the same command with “3128” replaced by “telnet” if you want to administer your bridge remotely.