squid as transparent in RHEL 4

Protecting your Linux box
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Post by majidnazeer »

I installed squid 2.6 stable 17 on RHEL 4, but squid does not run as a transparent proxy, whereas when I installed the same squid on Fedora 2 it worked fine as a transparent proxy or proxy.
Is it a problem with RHEL 4? Can anybody help me?
I use the below configuration on squid and rc.local.

http_port 192.168.0.1:8080 transparent

iptables -t NAT -A POSTROUTING -s 192.168.0.1 -o eth1 -j MASQUERADE
iptables -t NAT -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

eth1=ISP ip
eth0=local ip



Thanks
Majid
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

dunno. i have pretty much the same thing, and it works for me:

http_port 192.168.0.67:3128 transparent

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

does "squid -v" say "--enable-linux-netfilter"?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

Dear majidnazeer,

The rules stated by you and Mr. Lambda always work. If they are not working, please paste your complete IPTABLES rules, there might be something wrong in your rules...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Post by majidnazeer »

AoA!
Dear Mudasir

I use the same rule in Fedora, where it worked fine. This problem occurs in RHEL 4.

Thanks
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

posting a question and answering it yourself as well? if you are so sure then why did you post?? the problem is not your rhel box but in your configuration. why don't you run

/sbin/iptables -t nat -L

and paste the results here as well as your squid conf. and i would like to know whether you have installed the squid that comes built in with rhel or just compiled it yourself.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

Dear majidnazeer,

As I said, without looking into your IPTABLES rules, no one can tell you what the problem is.

You can also check whether IPTABLES service is running or not. And if it is not running then just start the service then apply these rules, and see whether they work or not.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

iptables is not a service. stop calling it that!
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

lambda wrote: iptables is not a service. stop calling it that!

What would you like to call it, a Daemon?

ok it is not a service then in RHEL why we say

# service iptables start/stop/restart

is there any difference between Daemon/Service ????

You need to consult your RHCE books again, about which I am sure you are not certified!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

Dear Usman and Lambda,

I think we should try to solve the problem rather than just argue over this little confusion created by ME....

To clear some things up..

iptables ---> is the service
/sbin/iptables ---> is the daemon.

A ‘daemon’ is a software process that runs in the background (continuously) and provides the service to client upon request.

Difference Between Service and Deamon

So, i think i was correct :roll:

To the main problem, Dear majidnazeer, please post your iptables rules so that we try to solve your problem.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

Dear Mudassir!
Actually the problem was not created by you. It is someone else who's always eager to take a point to pull someone's leg. Doesn't matter whether the point is right or not, they won't miss a chance!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Post by majidnazeer »

hi all!

I use the below-mentioned rules in rc.local.

<<Quote>>



touch /var/lock/subsys/local
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
/usr/local/squid/sbin/squid

<</Quote>>


Thanks
Majid
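
An added example, not part of any post in this thread: a small POSIX shell linter for rule lines like the ones posted above. It checks table-name case, a source address given without a netmask, and whether the interfaces and port agree with the stated layout; the roles (eth0 = local, eth1 = ISP) and port 8080 are assumptions taken from the first post, and `opt_val` and `lint_rule` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: lint iptables lines meant for a Squid transparent proxy.
# Assumed roles, from the first post: eth0 = LAN, eth1 = ISP, Squid on 8080.
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
SQUID_PORT=${SQUID_PORT:-8080}

# opt_val FLAG WORDS...: print the word that follows FLAG; fail if absent
opt_val() {
    flag=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# lint_rule 'iptables ...': print one finding per line, nothing if clean
lint_rule() {
    set -f; set -- $1; set +f        # split the rule into words, no globbing
    table=$(opt_val -t "$@") || table=filter
    target=$(opt_val -j "$@") || target=
    src=$(opt_val -s "$@") || src=
    in_if=$(opt_val -i "$@") || in_if=
    out_if=$(opt_val -o "$@") || out_if=
    port=$(opt_val --to-ports "$@") || port=$(opt_val --to-port "$@") || port=

    # Table names are case-sensitive; the NAT table is called "nat"
    if [ "$table" != "$(printf '%s' "$table" | tr 'A-Z' 'a-z')" ]; then
        echo "table '$table' must be lowercase"
    fi
    # A source address without /mask matches one host (/32), not the LAN
    case $src in
        ''|*/*) ;;
        *) echo "source $src has no netmask and matches a single host" ;;
    esac
    if [ "$target" = REDIRECT ]; then
        if [ "$in_if" != "$LAN_IF" ]; then echo "REDIRECT on -i '$in_if', LAN is $LAN_IF"; fi
        if [ "$port" != "$SQUID_PORT" ]; then echo "redirects to '$port', Squid listens on $SQUID_PORT"; fi
    fi
    if [ "$target" = MASQUERADE ] && [ "$out_if" != "$WAN_IF" ]; then
        echo "MASQUERADE on -o '$out_if', ISP side is $WAN_IF"
    fi
    return 0
}
```

Setting LAN_IF=eth1, WAN_IF=eth0 and SQUID_PORT=3128 before sourcing the file matches the interface layout in lambda's post instead.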
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

did this outcome come from

iptables -t nat -L

I am sure it's not!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

x2oxen wrote: What would you like to call it, a Daemon?

wow, not only don't you understand what a "service" is, you don't even know what a "daemon" is. how'd you get so far without learning that?

x2oxen wrote: ok it is not a service then in RHEL why we say

# service iptables start/stop/restart

is there any difference between Daemon/Service ????

tell me, ox, if it's a service (or a daemon, whatever you prefer), what process runs continuously when you use iptables?

why don't you come out and actually define what a daemon (or service) is on linux? can you do that? no, you CAN'T.

x2oxen wrote: You need to consult your RHCE books again, about which I am sure you are not certified!

who cares what rhel/rhce/fedora say about linux? redhat is not the only linux distribution out there! i don't need to consult any "books" because i've used linux and unix since before redhat existed as a company! you know NOTHING!

mudasir wrote: To clear some things up..

iptables ---> is the service
/sbin/iptables ---> is the daemon.

you are incorrect. /sbin/iptables is not a daemon. when you set some rules using iptables, and then you run "ps auxww", do you see iptables running in the background?

instead of blindly pasting links to web pages, try to actually take the time to read them.

instead of blindly pasting links to web pages, try to actually take the time to read them.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

lambda wrote: who cares what rhel/rhce/fedora say about linux? redhat is not the only linux distribution out there! i don't need to consult any "books" because i've used linux and unix since before redhat existed as a company! you know NOTHING!

I think you should know 1st that we are discussing a RHEL squid issue here, not any other distribution.

lambda wrote: tell me, ox, if it's a service (or a daemon, whatever you prefer), what process runs continuously when you use iptables?

why don't you come out and actually define what a daemon (or service) is on linux? can you do that? no, you CAN'T.

I can define a daemon or service for sure but not for you. In addition, for your information, Red Hat is calling iptables a SERVICE

http://www.redhat.com/docs/manuals/linu ... ables.html

Still not agree then

IPTABLES SERVICE
IPTABLES SERVICE
IPTABLES SERVICE

Who cares you mind that
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

x2oxen wrote: I think you should know 1st that we are discussing a RHEL squid issue here, not any other distribution.

as if squid on rhel is any different from squid on any other distribution. irrelevant!

x2oxen wrote: In addition, for your information, Red Hat is calling iptables a SERVICE

again with the stupid redhat definitions. just because redhat considers anything you start or stop using the "service" command a service doesn't mean it's actually a service. you can run "service ntpdate start" but there is no ntpdate service, just like there's no iptables service. you could also run "/etc/init.d/ntpdate start", because that's all that "service ntpdate start" does -- would you still claim it's a service? (knowing your lack of a logical approach to problems, probably yes.)

do you honestly believe that redhat invented the term "service"? and no, i don't believe you can define what a service or a daemon is, at least in the context of unix/linux.

x2oxen wrote: Who cares you mind that

as per my signature, you're not worth arguing with any more.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?