TRANSPARENT PROXY NOT WORKING


Post by Siraj Ahmed » Sun Mar 04, 2007 3:20 pm

Assalam o Alykum, thanks to all the friends who stayed with me
from the Linux installation through the Squid configuration
and on to browsing.

My problem is that browsing works everywhere, on the server and on the client,
but only with the proxy set; without the proxy, transparent proxying does not work,
and Yahoo Messenger also does not connect with no proxy. Please help once again.

My scenario is this:

networking with 2 lan card internet windows 2000 Professional
to linux EP 3
windows 2000
ip = 192.168.0.1
sn = 255.255.255.0

linux EP 3
eth0 = connected to windows 2000 Professional
ip = 192.168.0.2
sn = 255.255.255.0
gw = 192.168.0.1

eth1 = connected to client Pc
ip = 10.0.0.1
sn = 255.0.0.0
gw = 192.168.0.1

client pc (with DHCP)
ip = 10.0.0.2
sn = 255.0.0.0
gw = 10.0.0.1

packet forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward

Squid configuration file
# vi /etc/squid/squid.conf

http_port 8080
acl our_networks src 10.0.0.0/255.0.0.0
http_access alow our_networks
visible_hostname server2.sscable.com
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

ip tables
iptables -t nat -D POSTROUTING 1
iptables -t nat -A PREROUTING -o eth0 -p tcp -j MASQURADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Post by LinuxFreaK » Sun Mar 04, 2007 5:56 pm

Dear Siraj Ahmed,
Salam,

How many Ethernet cards do you have in your Linux machine?

Best Regards.
Farrukh Ahmed

Post by zaigham_tt » Sun Mar 04, 2007 6:35 pm

One thing to make clear to you is that

iptables -t nat -A PREROUTING -o eth0 -p tcp -j MASQURADE --- XXX is wrong

PREROUTING does not support outgoing traffic; it is POSTROUTING, my dear, not PRE. :lol:

If you have a static or fixed IP address on eth0, then don't use the above rule for MASQUERADE; use SNAT:

iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source <eth0-ipaddr>
SNAT is very fast and efficient; it is like MASQUERADING, not MASQUERADING.
MASQUERADING is used in the case where you have dial-up and get a different IP address each time.
And write this on PREROUTING:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128


And remember one more thing: this transparent proxy rule applies where Squid, DNS and the gateway are configured on the same machine.
Otherwise you need to try DNAT for transparent proxy.
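
Added example (not part of any post in this thread): a small shell check for the chain and interface mistakes discussed above, run over rules from the thread retyped with ASCII hyphens. lint_nat_rule and demo are hypothetical helper names; the checks assume the standard iptables nat-table restrictions (-o is rejected in PREROUTING and INPUT, -i in POSTROUTING and OUTPUT, MASQUERADE is valid only in POSTROUTING, SNAT in POSTROUTING or INPUT, REDIRECT and DNAT in PREROUTING or OUTPUT).

```shell
#!/bin/sh
# Added example: lint_nat_rule is a hypothetical helper, not part of iptables.
# It reads one "iptables -t nat" command line and reports chain/option
# combinations that the nat table rejects.
lint_nat_rule() {
    chain="" target="" in_if="" out_if="" prev="" problems=""
    for word in $1; do                       # split the rule on whitespace
        case "$prev" in
            -A|-I) chain=$word ;;
            -j)    target=$word ;;
            -i)    in_if=$word ;;
            -o)    out_if=$word ;;
        esac
        prev=$word
    done
    note() { problems="${problems:+$problems; }$1"; }
    # The output interface is unknown before routing (PREROUTING, INPUT);
    # the input interface cannot be matched in POSTROUTING and OUTPUT.
    case "$chain" in
        PREROUTING|INPUT)   [ -z "$out_if" ] || note "-o not valid in $chain" ;;
        POSTROUTING|OUTPUT) [ -z "$in_if" ]  || note "-i not valid in $chain" ;;
    esac
    # Source NAT happens after routing, destination NAT before it.
    case "$target:$chain" in
        MASQUERADE:POSTROUTING|SNAT:POSTROUTING|SNAT:INPUT) ;;
        REDIRECT:PREROUTING|REDIRECT:OUTPUT|DNAT:PREROUTING|DNAT:OUTPUT) ;;
        MASQUERADE:*|SNAT:*|REDIRECT:*|DNAT:*) note "$target not valid in $chain" ;;
    esac
    printf '%s\n' "${problems:-ok}"
}

# Constructed input: rules from this thread, typed with ASCII hyphens and
# MASQUERADE spelled out; 192.168.0.2 is the eth0 address from the first post.
demo() {
    while IFS= read -r rule; do
        printf '%-62s | %s\n' "$(lint_nat_rule "$rule")" "$rule"
    done <<'EOF'
iptables -t nat -A PREROUTING -o eth0 -p tcp -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 192.168.0.2
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
EOF
}
demo
```

The check only looks at chain, target and interface options; it does not verify that Squid is listening on the redirect port or that the rule order in the table is right.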

Post by Siraj Ahmed » Sun Mar 04, 2007 7:25 pm

I have 2 LAN cards in the Linux machine.

Post by LinuxFreaK » Mon Mar 05, 2007 9:17 am

Dear Siraj Ahmed,
Salam,

Siraj Ahmed wrote: I have 2 LAN cards in the Linux machine.


Which Ethernet card has the Internet connection and which Ethernet card is used for the LAN?

Best Regards.
Farrukh Ahmed

Post by Siraj Ahmed » Mon Mar 05, 2007 8:26 pm

networking with 2 lan card internet windows 2000 Professional
to linux EP 3
windows 2000
ip = 192.168.0.1
sn = 255.255.255.0

linux EP 3
eth0 = connected to windows 2000 Professional
ip = 192.168.0.2
sn = 255.255.255.0
gw = 192.168.0.1

eth1 = connected to client Pc
ip = 10.0.0.1
sn = 255.0.0.0
gw = 192.168.0.1

Post by LinuxFreaK » Wed Mar 07, 2007 3:48 pm

Dear Siraj Ahmed,
Salam,

Your iptables rule should look like this.

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Best Regards.
Farrukh Ahmed

Post by sarthor » Mon Apr 02, 2007 2:48 pm

Salam O Alykum

Using ubuntu
2.6.17-10-generic.....Edgy...
squid....
root@sarthor:~# apt-cache policy squid
squid:
Installed: 2.6.1-3ubuntu1.3
Candidate: 2.6.1-3ubuntu1.3
Version table:
*** 2.6.1-3ubuntu1.3 0
500 http://security.ubuntu.com edgy-security/main Packages
100 /var/lib/dpkg/status
2.6.1-3ubuntu1 0
500 http://pk.archive.ubuntu.com edgy/main Packages


iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

#load Iptables modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp

#Enable Forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#Redirect port 80 to squid port
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 8080
/sbin/iptables -t nat -A POSTROUTING -p all -o ppp0 -j MASQUERADE
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


in squid
http_port 8080 transparent

Where am I wrong? Ask me for more detail if the posted detail is not sufficient.
Waiting
Allah Hafiz
Tefl E Maktab