Required help by Cash

Posted: Mon Aug 27, 2007 10:22 pm
by Siraj Ahmed
Assalam o Alykum
machine = Fedora 6, squid 2.6 stable 4
internet line = DSL from PTCL through Lan Modem 192.168.1.1

eth0 = ip = 192.168.1.3 connected with PTCL modem
sm = 255.255.255.0
default gw = 192.168.1.1


eth1 = ip = 192.168.10.10 connected LAN users
sm = 255.255.255.0

On the client PCs, browsing works after entering the IP in Explorer.
Yahoo and MSN Messenger also connect with the IP.

I want browsing and messenger to connect without the IP, i.e. transparent.
Please, someone suggest a solution.

IF ANY BROTHER CAN SOLVE MY PROBLEM, I CAN ALSO MAKE A PAYMENT, SO PLEASE CONTACT ME

Siraj Ahmed 0300 - 9217465

Re:

Posted: Tue Aug 28, 2007 7:55 am
by LinuxFreaK
Dear Siraj Ahmed,
Salam,

Have you tried searching the Linux Pakistan Forum?

Post your squid configuration file along with your iptables rules.

Best Regards.

transparent internet

Posted: Tue Aug 28, 2007 12:43 pm
by ovais1980
Friend, if you don't implement any rules for your end users or workstations, you don't require squid.

You just run these two commands and you are automatically using a transparent proxy.
1) echo 1 > /proc/sys/net/ipv4/ip_forward

2)iptables -t nat -A POSTROUTING -o eth0 -p tcp -j MASQUERADE

If you run a firewall, stop the firewall service and the squid service.

INSHALLAH EVERY THING RUNNING PERFECTLY
GOD BLESS YOU

Syed Ovais Irfan

Posted: Tue Aug 28, 2007 3:33 pm
by Siraj Ahmed
Assalam o Alykum

I have applied all the iptables rules, but the result is still the same.

Will I have to compile squid?

Fedora 6 with squid 2.6 stable 4 already installed

transparent internet

Posted: Tue Aug 28, 2007 4:11 pm
by ovais1980
Friend, did you do the steps that I told you?
First of all, do those steps.


Syed Ovais Irfan

Posted: Tue Aug 28, 2007 9:36 pm
by Siraj Ahmed
Assalam o Alykum
Brother Syed Ovais Irfan sahab, I have done everything, but transparent browsing is not working.

Posted: Thu Aug 30, 2007 12:20 am
by Siraj Ahmed
Transparent proxy not working

DSL Modem (PTCL) 192.168.1.1 DHCP on
eth0 = from internet
ip from DHCP from PTCL modem ( 192.168.1.3 )

eth1= for LAN users
192.168.10.10
255.255.255.0

Squid Server ip 192.168.10.10:8080

DHCP on 192.168.11 to 192.168.70

Squid Basic Configuration

http_port 192.168.10.10:8080 transparent
http_port 80 vhost
http_port 127.0.0.1:8080 transparent
always_direct allow all

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl mynet src 192.168.10.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow mynet
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

my iptables rules

#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-set ... howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# -------------------------------------------------------------------------------------

# squid server IP
SQUID_SERVER="192.168.10.10"

# Interface connected to Internet
INTERNET="eth0"

# Interface connected to LAN
LAN_IN="eth1"

# Squid port
SQUID_PORT="8080"

# DO NOT MODIFY BELOW

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# For win xp ftp client
#modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP



then

service iptables save
chkconfig iptables on
service squid restart
chkconfig squid on
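
Added example (not part of the original posts, and not the poster's or the Squid project's code): a lint for the http_access order in the configuration posted above. Squid stops at the first http_access line that matches and, when none matches, applies the opposite of the last line. The helper name lint_http_access, the sample variables and the finding labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: lint the http_access order of a squid.conf.
# Squid stops at the first http_access line that matches; when none
# matches, the default is the opposite of the last line.

# Constructed sample: the http_access lines of the posted configuration.
POSTED_CONF='http_access allow mynet
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports'

# Constructed sample: same rules, port checks first, explicit final deny.
REORDERED_CONF='http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow mynet
http_access deny all'

# lint_http_access CONF_TEXT CLIENT_ACL  (hypothetical helper)
# Prints one finding per line; prints nothing when the order is sound.
lint_http_access() {
    printf '%s\n' "$1" | awk -v client="$2" '
        $1 != "http_access" { next }
        {
            # Rebuild the ACL list without any trailing comment.
            acls = ""
            for (i = 3; i <= NF && $i !~ /^#/; i++)
                acls = acls (acls == "" ? "" : " ") $i
            last_action = $2; last_acls = acls
            if ($2 == "allow" && acls == client) allowed = 1
            # A port restriction placed after the client allow never
            # applies to those clients.
            if ($2 == "deny" && acls ~ /!(Safe|SSL)_ports/ && allowed)
                print "SHADOWED: deny " acls " (" client " allowed above it)"
        }
        END {
            if (last_action == "" || (last_action == "deny" && last_acls == "all")) exit
            dflt = (last_action == "deny") ? "allow" : "deny"
            print "NO_FINAL_DENY: unmatched requests default to " dflt
        }'
}

lint_http_access "$POSTED_CONF" mynet
```

For the posted rules it reports both port restrictions as shadowed and the missing final deny; the reordered rules produce no findings.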
