TRANSPARENT PROXY NOT WORKING

Postby Siraj Ahmed » Sun Mar 04, 2007 3:20 pm

Assalam o Alykum, thanks to all the friends who stayed with me
from the Linux installation through the Squid configuration
and up to browsing.

My problem is that browsing works everywhere, on the server and on the client,
but with the proxy set; without the proxy, transparent proxying does not work,
and Yahoo Messenger also does not connect on "no proxy". Please help once again.

My scenario is this:

networking with 2 LAN cards, internet Windows 2000 Professional
to linux EP 3
windows 2000
ip = 192.168.0.1
sn = 255.255.255.0

linux EP 3
eth0 = connected to windows 2000 Professional
ip = 192.168.0.2
sn = 255.255.255.0
gw = 192.168.0.1

eth1 = connected to client Pc
ip = 10.0.0.1
sn = 255.0.0.0
gw = 192.168.0.1

client pc (with DHCP)
ip = 10.0.0.2
sn = 255.0.0.0
gw = 10.0.0.1

packet forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward

Squid configuration file
# vi /etc/squid/squid.conf

http_port 8080
acl our_networks src 10.0.0.0/255.0.0.0
http_access alow our_networks
visible_hostname server2.sscable.com
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

ip tables
iptables –t nat –D POSTROUTING 1
iptables –t nat -A PREROUTING –o eth0 –p tcp –j MASQURADE
iptables –t nat -A PREROUTING –i eth1 –p tcp –dport 80 –j REDIRECT –to-port 8080

Postby LinuxFreaK » Sun Mar 04, 2007 5:56 pm

Dear Siraj Ahmed,
Salam,

How many Ethernet cards do you have in your Linux machine?

Best Regards.
Farrukh Ahmed

Postby zaigham_tt » Sun Mar 04, 2007 6:35 pm

One thing to make clear to you is that

iptables –t nat -A PREROUTING –o eth0 –p tcp –j MASQURADE ---XXX is wrong

PREROUTING does not support outgoing traffic; it is POSTROUTING, my dear, not PRE. :lol:

If you have a static or fixed IP address on eth0, then don't use the above rule for MASQUERADE; use SNAT.

iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source <eth0-ipaddr>
SNAT is very fast and efficient; it's like MASQUERADING, not MASQUERADING.
MASQUERADING is used in a case where you have dial-up and each time you get a different IP address.
And write this on PREROUTING:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128


And remember one thing also: this rule of transparent proxy applies where Squid, DNS and the gateway are configured on the same machine.
Otherwise you need to try DNAT for the transparent proxy.
Last edited by zaigham_tt on Sun Mar 04, 2007 7:27 pm, edited 1 time in total.

Postby Siraj Ahmed » Sun Mar 04, 2007 7:25 pm

I have 2 LAN cards in the Linux machine.

Postby LinuxFreaK » Mon Mar 05, 2007 9:17 am

Dear Siraj Ahmed,
Salam,

Siraj Ahmed wrote: I have 2 LAN cards in the Linux machine.

Which Ethernet card has the Internet connection and which Ethernet card is used for the LAN?

Best Regards.
Farrukh Ahmed

Postby Siraj Ahmed » Mon Mar 05, 2007 8:26 pm

networking with 2 LAN cards, internet Windows 2000 Professional
to linux EP 3
windows 2000
ip = 192.168.0.1
sn = 255.255.255.0

linux EP 3
eth0 = connected to windows 2000 Professional
ip = 192.168.0.2
sn = 255.255.255.0
gw = 192.168.0.1

eth1 = connected to client Pc
ip = 10.0.0.1
sn = 255.0.0.0
gw = 192.168.0.1

Postby LinuxFreaK » Wed Mar 07, 2007 3:48 pm

Dear Siraj Ahmed,
Salam,

Your iptables rule should look like this.

# iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Best Regards.
Farrukh Ahmed
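
Added example (not written by any poster in this thread): a small shell check that lints a nat-table rule for the problems visible above, namely -o in PREROUTING (which iptables rejects, as it does -i in POSTROUTING), a nat target used in a chain where it is not valid, a misspelled target, and typographic dashes pasted in place of ASCII hyphens. The function name lint_nat_rule and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint one "iptables -t nat" command line. Prints one finding
# per line, nothing when clean. Subshell body keeps variables and set -f local.
lint_nat_rule() (
    rule=$1 chain= target= prev= has_in=0 has_out=0
    # Dashes pasted from a word processor are not option prefixes.
    case $rule in
        *–*) echo "dash: typographic dash, retype options with ASCII -"
             rule=$(printf '%s\n' "$rule" | sed -e 's/–/-/g') ;;
    esac
    set -f    # no filename globbing while the rule is split into words
    for word in $rule; do
        case $prev in
            -A|-I) chain=$word ;;
            -j)    target=$word ;;
        esac
        case $word in
            -i)   has_in=1 ;;
            -o)   has_out=1 ;;
            --*)  ;;
            -??*) echo "option: $word is a long option and needs --" ;;
        esac
        prev=$word
    done
    # The output interface is unknown before routing, so PREROUTING has no -o;
    # iptables likewise refuses -i in POSTROUTING.
    [ "$chain" = PREROUTING ] && [ "$has_out" = 1 ] &&
        echo "iface: -o cannot be used in PREROUTING"
    [ "$chain" = POSTROUTING ] && [ "$has_in" = 1 ] &&
        echo "iface: -i cannot be used in POSTROUTING"
    # Each nat target is valid only in certain built-in chains.
    case $target in
        MASQUERADE)    ok="POSTROUTING" ;;
        SNAT)          ok="POSTROUTING INPUT" ;;
        REDIRECT|DNAT) ok="PREROUTING OUTPUT" ;;
        ACCEPT|DROP|RETURN|"") ok=$chain ;;
        *) echo "target: $target is not a built-in nat target (typo?)"; ok=$chain ;;
    esac
    case " $ok " in
        *" $chain "*) ;;
        *) echo "target: $target is not valid in $chain" ;;
    esac
    true
)

# Rules as they appear in the thread: first post, then the two replies.
lint_nat_rule 'iptables –t nat -A PREROUTING –o eth0 –p tcp –j MASQURADE'
lint_nat_rule 'iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128'
lint_nat_rule 'iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128'
```

The check only reads the rule text; it does not call iptables or change any firewall state.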

Postby sarthor » Mon Apr 02, 2007 2:48 pm

Salam O Alykum

Using ubuntu
2.6.17-10-generic.....Edgy...
squid....
root@sarthor:~# apt-cache policy squid
squid:
Installed: 2.6.1-3ubuntu1.3
Candidate: 2.6.1-3ubuntu1.3
Version table:
*** 2.6.1-3ubuntu1.3 0
500 http://security.ubuntu.com edgy-security/main Packages
100 /var/lib/dpkg/status
2.6.1-3ubuntu1 0
500 http://pk.archive.ubuntu.com edgy/main Packages


iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

#load Iptables modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp

#Enable Forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#Redirect port 80 to squid port
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 8080
/sbin/iptables -t nat -A POSTROUTING -p all -o ppp0 -j MASQUERADE
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


in squid
http_port 8080 transparent

Where am I wrong? Ask me for more detail if the posted detail is not sufficient.
Waiting
Allah Hafiz
Tefl E Maktab