Поставил связку, интернет получаю по ppp0 через eth0.
В локалку смотрит eth1; на eth1 (192.168.5.2) висит сквид.
Подсеть 192.168.4.0/24 завернул, собственно, на eth1 192.168.5.2
правилом:
# Redirects TCP traffic from 192.168.4.0/24 with destination port 80 or 8080 to local port 3128.
# NOTE(review): REDIRECT rewrites the destination to the primary address of the
# interface the packet arrived on. In the `ip a` output in this post the first
# address on eth1 is 192.168.0.2 and 192.168.5.2 is only the eth1:3 alias, while
# Squid's http_port is bound to 192.168.5.2:3128 alone. Redirected connections
# therefore probably land on 192.168.0.2:3128, where nothing listens - confirm
# with `ss -ltn` / `netstat -ltn`. Either use `-j DNAT --to-destination 192.168.5.2:3128`
# or bind Squid to the address REDIRECT actually selects.
# NOTE(review): the rule matches on source address only; adding `-i eth1` would
# stop it from applying to packets that arrive on ppp0 with a spoofed 192.168.4.x source.
iptables -t nat -A PREROUTING -p tcp -s 192.168.4.0/24 -m multiport --dport 80,8080 -j REDIRECT --to-port 3128
Проблема: если в браузере вручную прописать прокси, то всё, кроме гугла, блочится; если с подсети 4.0 зайти, не прописывая прокси, то страничка просто не открывается.
Конфиг сквида:
# Squid normally listens to port 3128
# NOTE(review): this listener is bound to 192.168.5.2 only and is flagged for
# interception, so NAT-redirected traffic must be delivered to exactly this
# address and port.
# NOTE(review): coredump_dir below points at /var/spool/squid3, so this is
# presumably Squid 3.x - confirm the version. From 3.1 on the option is spelled
# `intercept`; `transparent` is the older name.
# NOTE(review): a port flagged transparent/intercept is meant for redirected
# traffic only. Browsers with a manually configured proxy should get a separate
# plain http_port; sharing one port for both modes may be behind the
# manual-proxy failures described in the post - verify in cache.log/access.log.
http_port 192.168.5.2:3128 transparent
#
#Default:
# acl all src all
#
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): every localnet line below is commented out, so no ACL in this
# excerpt describes the client subnets (e.g. 192.168.4.0/24 from the iptables rule).
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# Ports to which CONNECT tunnels are permitted (see the CONNECT rule below).
acl SSL_ports port 443
# Destination ports considered acceptable for proxied requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: follow_x_forwarded_for
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# NOTE(review): the excerpt shows no `http_access allow <client acl>` and no
# closing `http_access deny all` (the post may have trimmed them - confirm
# against the full squid.conf). When no http_access line matches, Squid applies
# the opposite of the last line; the last line here is a deny, so unmatched
# requests are allowed and any host that can reach 192.168.5.2:3128 can use the
# proxy. The list should end with an explicit allow for the intended client
# subnet(s) followed by `http_access deny all`.
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3
# OPTIONS FOR FTP GATEWAYING
# -----------------------------------------------------------------------------
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
# example lin deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
smt-web@smtweb-ProLiant-DL180-G6:~$ ip a ; ip r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:26:55:80:83:e6 brd ff:ff:ff:ff:ff:ff
inet6 fe80::226:55ff:fe80:83e6/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:26:55:80:83:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1
inet 192.168.3.100/24 brd 192.168.3.255 scope global eth1:1
inet 192.168.4.99/24 brd 192.168.4.255 scope global eth1:2
inet 192.168.5.2/24 brd 192.168.5.255 scope global eth1:3
inet6 fe80::226:55ff:fe80:83e7/64 scope link
valid_lft forever preferred_lft forever
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 95.79.29.19 peer 10.86.255.126/32 scope global ppp0
default dev ppp0 scope link
10.86.255.126 dev ppp0 proto kernel scope link src 95.79.29.19
169.254.0.0/16 dev eth1 scope link metric 1000
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.2
192.168.2.0/24 via 192.168.0.116 dev eth1
192.168.3.0/24 dev eth1 proto kernel scope link src 192.168.3.100
192.168.4.0/24 dev eth1 proto kernel scope link src 192.168.4.99
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.2
smt-web@smtweb-ProLiant-DL180-G6:~$