Hi, I have this situation:
eth1 (internal network range 192.168.1.xxx) with all PCs, and a router is also connected here to give free WIFI to customers.
I set up this router with a fixed IP on WAN (192.168.1.222) and an internal router IP of 10.0.0.1, with a DHCP range from 10.0.0.100 to 10.0.0.254, so all connecting WIFI customers will get an IP from this range.
1st problem: since I have the proxy enabled on Zentyal for HTTP and HTTPS with WPAD auto-discovery, and I can't set up this proxy on the router WAN, all connected customers can't browse the web.
Because of this I thought of a fixed iptables rule redirecting all traffic sourced from the router IP to the local Zentyal squid port, so I created a firewall.postservice file inside the hooks directory with this rule:
iptables -t nat -A PREROUTING -s 192.168.1.222/32 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
It works and squid gets the traffic but can't handle it properly, since I'm not running a transparent proxy because of HTTPS, so I get the squid error messages of protocol missing, header missing, domain missing and so on.
So my question: is there a way to do the redirecting properly so this works?
Is there another way to achieve this customer WIFI isolation from my normal internal work range?
NOTE: I can't install another network card since I don't have any more free slots on the PC mainboard; the only way is with a virtual interface on top of eth1, but I tried that also without success, since I can't see it afterwards for doing firewall configuration (I also reported this here in another post).
Any solution or suggestion is welcome, thanks.