Transparent Proxy


Postby shakirz1 » Thu Jan 22, 2004 9:29 am

I am using Linux RH 9 with Squid 2.5.

I am facing a problem with the transparent proxy. I also checked the previously posted answer at this link http://www.linuxpakistan.net/forum2x/vi ... ransparent
and did as described in that topic, but the problem is still the same.

I have already done this transparent proxy in Linux 7.3 with Squid 2.4 and it's working fine, but not in RH 9 with Squid 2.5.

I did this thing in squid.

* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on

with iptables

echo > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "

I also log all transparent requests in the /var/log/messages file, but no entry appears there. It means it is not a Squid problem, because the request is not going to the NAT table. Maybe I am making a mistake in the logging. Please help me.
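The rule order from the post above, checked mechanically (an added example, not part of the original thread): REDIRECT is a terminating target, so a LOG rule appended after it with the same match is never reached. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Live use: iptables-save -t nat | check_prerouting eth0 80
# Exit status: 0 = REDIRECT present, 1 = no REDIRECT, 2 = a LOG rule sits behind the REDIRECT.
check_prerouting() {
    awk -v iface="$1" -v dport="$2" '
        /^\*/ { table = substr($0, 2) }            # table header, e.g. "*nat"
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            n++                                     # position within the chain
            on_if = 0; on_port = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i + 1) == iface) on_if = 1
                if ($i == "--dport" && $(i + 1) == dport) on_port = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!(on_if && on_port)) next
            if (target == "REDIRECT" && !redirect) redirect = n
            if (target == "LOG") { if (redirect) shadowed = n; else logged = n }
        }
        END {
            if (!redirect) { print "MISSING: no REDIRECT for " iface " tcp/" dport; exit 1 }
            print "OK: REDIRECT is rule " redirect
            if (logged) print "OK: LOG at rule " logged " runs before the REDIRECT"
            if (shadowed) { print "SHADOWED: LOG at rule " shadowed " is never reached"; exit 2 }
        }'
}

# Constructed sample: the two rules in the order they were appended in the post.
sample_as_posted() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "
COMMIT
EOF
}

# Constructed sample: same rules with LOG first, so it sees the packet before REDIRECT.
sample_log_first() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

sample_as_posted | check_prerouting eth0 80 || true
```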

Re:

Postby LinuxFreaK » Sat Jan 24, 2004 3:43 am

Dear
Salam,

echo > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "


I think you forgot something :)

echo "1" > /proc/sys/net/ipv4/ip_forward

Best Regards.
Farrukh Ahmed

Transparent Proxy

Postby shakirz1 » Sat Jan 24, 2004 12:42 pm

No Sir,

it was a typing mistake. I put this in my script

echo 1 > /proc/sys/net/ipv4/ip_forward

but not working.

Try this

Postby s7r1k3r » Sat Jan 24, 2004 8:41 pm

Assalam-O-Alaekum!

Try auto-configuring clients using DHCP or at least set the gateway IP to the proxy server. If all this fails, you can try IPCop, which does all of this. It's really small and easy to set up. Once done, you can check the configuration of the IPCop system and tally it with your existing one to find out what you are missing.
a10n3 s7r1k3r

Transparent Proxy

Postby shakirz1 » Mon Jan 26, 2004 10:14 am

I am also using DHCP to auto-assign the IP, gateway and DNS of my server to clients. This setup was also working fine in 7.3 but not in 9. I also tried this in RH ES 2.1 and it is working fine.

Check for firewall.

Postby s7r1k3r » Mon Jan 26, 2004 4:26 pm

First check if iptables (firewall) is running

service iptables status

If it is, then its rules might be giving you problems. Try turning it off.

service iptables stop
a10n3 s7r1k3r

Transparent Proxy

Postby shakirz1 » Mon Jan 26, 2004 5:13 pm

First I stop the firewall and put a manual proxy on IE, then Squid is running, but when I remove the manual proxy and put the firewall rule on Linux it does not work.


#------ for transparent proxy
service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I also stop this service, and to check in the log whether NAT is working or not I put this rule.

service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "checking transparent : "

but no log shows in /var/log/messages

please help me.

Re:

Postby LinuxFreaK » Mon Jan 26, 2004 11:43 pm

Dear shakirz1,
Salam,

service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


I don't know why you stop the iptables service and still want to do IP NATing. Please start your iptables service.

# service iptables start

and also check the below link.

http://iptables-tutorial.frozentux.net/ ... orial.html

Best Regards.
Farrukh Ahmed

Transparent Proxy

Postby shakirz1 » Tue Jan 27, 2004 3:24 pm

Because s7r1k3r told me to stop the firewall script, I stopped the iptables script and then ran the transparent proxy script. After that this script did not work, then I tried to NAT packets to log.

Postby zaeemarshad » Tue Jan 27, 2004 3:56 pm

No shakirz1, you can't apply the rules and expect them to work when the service is stopped. What you should do is

service iptables start
apply your rule
iptables-save

That's it. That will solve your problem. Optionally you can put the rule in /etc/rc.local

cheers
zaeem

Postby sarbazix » Fri Feb 20, 2004 6:01 am

I have installed Linux 8.0 with Squid/2.4.STABLE7 and the internet is connected on Radio 128

My clients are connected through eth1 192.168.0.1 and eth0 is on Radio

my rc.local


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward

but then also it's not working. I have also tried with masquerade

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

It was working fine before, but somehow my system crashed and now it's not working, don't know why... :?

Any comments???

Regards
tAh|R Sarbazi

Re:

Postby LinuxFreaK » Sat Feb 28, 2004 12:12 am

Dear sarbazix,
Salam,

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

http://en.tldp.org/HOWTO/TransparentProxy.html

Best Regards.
Farrukh Ahmed

