Hello,
I want to use squid as a transperent proxy in my local network to cache HTTP for example. If I understand it correctly, it is necessary to direct any outgoing network traffic through the PI. It follows that the BananaPI has to interact as a gateway. Any ethernet port at my PI is bridged to br0 (192.168.2.1/24). At the end, my setup should look like this:
I haven’t done much with iptables yet. Any ideas to configure the firewall right? IPv4 forwarding is active.
Imho you can’t connect any ethernet to br0 because you have to route traffic to your proxy and behind it…you can bridge lan-ports,route http (port 80) to your proxy which uses your gateway to get page from internet,caches it and sends it back to client.
Imho only few pages use http without ssl…and https cannot be used because of structure of it (mitm,ssl-handshake,certificate)
I want to redirect any incoming traffic addressed to “0.0.0.0:80 ! 192.168.1.0/24” to the intercepting http port of squid (8130). This should work already. My problem is to redirect all the other outgoing traffic to the default gateway (192.168.1.1).
it’s already worth. Look at this forum for example 
.
BTW ssl is also possible, but it need a lot of certification work. You have to generate and import a trusted certificate at every client. At the end it is also secure but I only want to proxying http transparently 