TomatoUSB

I am having trouble getting WHS2011 and transparent squid proxy to play nice. before my server's remote access worked without a hitch by going to *.homeserver.com. Once I started running squid in transparent mode I could no longer access it and the web address resolved to 192.168.0.2 (WHS internal IP).

Initial firewall rules

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

I've added "iptables -t nat -A PREROUTING -i br0 -s 192.168.0.2 -j ACCEPT" but now if I try to ping *.homeserver.com it says could not find host.

Any help would be appreciated.

are you runing also snort ?

No.

I would make sure Squid is running as the gateway IP (e.g. 192.168.1.1), that you have the Access Control restricted to just your LAN subnet (192.168.1.0/24), and also confirm the port number is still matching this code (3128 for now). Then plug this into your firewall…

insmod ipt_REDIRECT
ip rule add fwmark 2 table 2
ip route add default via 192.168.1.1 dev br0 table 2

iptables -t mangle -I INPUT -s 192.168.1.0/24 -p tcp -j MARK --set-mark 2
iptables -I INPUT -p tcp -m mark --mark 2 -j ACCEPT
iptables -t nat -I OUTPUT -p tcp -m mark --mark 2 -j REDIRECT --to-port 3128

You can then SSH into your router and execute: service firewall restart

This works amazing on just about any proxy setup with the correct IP and port numbers in the configuration file.

why complicate ?
this is all you need:

iptables -A PREROUTING -t nat -i br0 -p tcp —dport 80 ! -s $PROXY_IP -j REDIRECT —to-port 3128