squid as transparent in RHEL 4

Protecting your Linux box

Postby majidnazeer » Tue Jan 29, 2008 2:06 pm

I installed Squid 2.6 STABLE17 on RHEL 4, but Squid does not run as a transparent proxy. When I installed the same Squid on Fedora 2 it worked fine as a transparent proxy or as a normal proxy.
Is it a problem of RHEL4? Can anybody help me?
I use the configuration below in Squid and in rc.local.

http_port 192.168.0.1:8080 transparent

iptables -t NAT -A POSTROUTING -s 192.168.0.1 -o eth1 -j MASQUERADE
iptables -t NAT -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

eth1=ISP ip
eth0=local ip



Thanks
Majid
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Postby lambda » Tue Jan 29, 2008 6:04 pm

dunno. i have pretty much the same thing, and it works for me:

Code:

http_port 192.168.0.67:3128 transparent

Code:

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

does "squid -v" say "--enable-linux-netfilter"?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Tue Jan 29, 2008 6:36 pm

AOA,

Dear majidnazeer,

The rules stated by you and Mr. Lambda always work. If they are not working, please paste your complete IPTABLES rules; there might be something wrong in your rules...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby majidnazeer » Wed Jan 30, 2008 2:11 pm

AoA!
Dear Mudasir

I use the same rule in Fedora and it worked fine. This problem occurs in RHEL4.

Thanks

Postby x2oxen » Wed Jan 30, 2008 3:04 pm

Posting a question and answering it yourself as well? If you are so sure, then why did you post? The problem is not your RHEL box but your configuration. Why don't you run

Code:

/sbin/iptables -t nat -L

and paste the results here, as well as your squid.conf. And I would like to know whether you have also installed the Squid that comes built in with RHEL, or just compiled it yourself.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby mudasir » Thu Jan 31, 2008 8:00 am

AOA,

Dear majidnazeer,

As I said, without looking into your IPTABLES rules no one can tell you what the problem is.

You can also check whether the IPTABLES service is running or not. If it is not running, just start the service, then apply these rules and see whether they work or not.

Postby lambda » Thu Jan 31, 2008 1:53 pm

iptables is not a service. stop calling it that!

Postby x2oxen » Thu Jan 31, 2008 7:49 pm

lambda wrote: iptables is not a service. stop calling it that!

What would you like to call it, a daemon?

OK, it is not a service; then why in RHEL do we say

# service iptables start/stop/restart

Is there any difference between daemon and service????

You need to consult your RHCE books again, about which I am sure you are not certified!

Postby mudasir » Thu Jan 31, 2008 9:57 pm

AOA,

Dear Usman and Lambda,

I think we should try to solve the problem rather than just argue about this little confusion created by ME....

To clear some things up:

iptables ---> is the service
/sbin/iptables ---> is the daemon.

A ‘daemon’ is a software process that runs in the background (continuously) and provides the service to clients upon request.

Difference Between Service and Daemon

So, I think I was correct :roll:

To the main problem, Dear majidnazeer, please post your iptables rules so that we can try to solve your problem.

Postby x2oxen » Thu Jan 31, 2008 11:26 pm

Dear Mudassir!
Actually the problem was not created by you. It is someone else who is always eager to take a point to pull someone's leg. It doesn't matter whether the point is right or not, they won't miss a chance!

Postby majidnazeer » Fri Feb 01, 2008 9:36 am

Hi all!

I use the rules mentioned below in rc.local.

<<Quote>>
touch /var/lock/subsys/local
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
/usr/local/squid/sbin/squid
<</Quote>>


Thanks
Majid
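Added example, not code from any of the posters: a small POSIX shell checker that reads an rc.local-style rule set like the ones pasted in this thread and reports the slips that make "http_port ... transparent" silently fall back to plain-proxy behaviour (uppercase table name, REDIRECT hooked on the wrong interface, forwarding never enabled, MASQUERADE on the LAN side), plus a helper for lambda's "squid -v" / "--enable-linux-netfilter" test. The interface roles (eth0 = LAN, eth1 = ISP), the Squid port 8080 and the two sample rule files are assumptions constructed here; run it against your own rc.local by pointing the third argument at it.

```shell
#!/bin/sh
# Added example, not code from the thread. Static sanity check for an
# rc.local-style transparent-proxy rule set, plus the "squid -v" build check.
# Interface roles and port are arguments; the sample rule files are constructed.

# check_redirect_rules LAN_IFACE SQUID_PORT RULES_FILE
# Prints one line per finding and returns the number of findings (0 = clean).
check_redirect_rules() {
    lan="$1"; port="$2"; file="$3"; n=0

    # iptables table names are lowercase; "-t NAT" is rejected outright.
    if grep -q -- '-t NAT' "$file"; then
        echo "table name must be lowercase: use -t nat"; n=$((n+1))
    fi

    # The box is also the LAN's NAT gateway, so forwarding must be switched on.
    if ! grep -q 'ip_forward' "$file"; then
        echo "net.ipv4.ip_forward is never enabled"; n=$((n+1))
    fi

    # Client traffic arrives on the LAN-facing interface; a REDIRECT bound to
    # the ISP side never sees it, and squid then only works as a normal proxy.
    if ! grep -E -- "-A PREROUTING .*-i $lan .*-j REDIRECT" "$file" \
         | grep -qE -- "--to-ports? $port"; then
        echo "no REDIRECT of port 80 on $lan to squid port $port"; n=$((n+1))
    fi

    # MASQUERADE belongs on the ISP-facing interface, not the LAN one.
    if grep -q -- "-A POSTROUTING.*-o $lan .*-j MASQUERADE" "$file"; then
        echo "MASQUERADE is bound to the LAN interface $lan"; n=$((n+1))
    fi
    return "$n"
}

# squid_build_has_netfilter "$(squid -v)": true when the build can recover the
# original destination of a REDIRECTed connection (lambda's check in the thread).
squid_build_has_netfilter() {
    printf '%s\n' "$1" | grep -q -- '--enable-linux-netfilter'
}

# Constructed samples (eth0 = LAN, eth1 = ISP assumed).
tmp=$(mktemp -d)
cat > "$tmp/good.rules" <<'EOF'
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
EOF
# Three slips: uppercase table, REDIRECT on the ISP side, forwarding never enabled.
cat > "$tmp/bad.rules" <<'EOF'
iptables -t NAT -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
iptables -t NAT -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
EOF

for f in good bad; do
    echo "== $f.rules"
    check_redirect_rules eth0 8080 "$tmp/$f.rules" || echo "   $? problem(s)"
done
```

The checker only reads the file; nothing here touches the live tables, so it can be run as an unprivileged user before the rules are loaded. A clean result still does not prove transparent proxying works: squid must also listen on the address named in http_port and the build must report --enable-linux-netfilter, which is what the second helper checks.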

Postby x2oxen » Fri Feb 01, 2008 2:11 pm

Is this the output of

Code:

iptables -t nat -L

I am sure it's not!

Postby lambda » Fri Feb 01, 2008 5:30 pm

x2oxen wrote: What would you like to call it a Daemon?

wow, not only don't you understand what a "service" is, you don't even know what a "daemon" is. how'd you get so far without learning that?

x2oxen wrote: ok it is not a service then in RHEL why we say

# service iptables start/stop/restart

is there any difference between Daemon/Service ????

tell me, ox, if it's a service (or a daemon, whatever you prefer), what process runs continuously when you use iptables?

why don't you come out and actually define what a daemon (or service) is on linux? can you do that? no, you CAN'T.

x2oxen wrote: You need to consult your RHCE books again about which am sure you are not certified!

who cares what rhel/rhce/fedora say about linux? redhat is not the only linux distribution out there! i don't need to consult any "books" because i've used linux and unix since before redhat existed as a company! you know NOTHING!

mudasir wrote: To clear somethings up..

iptables ---> is the service
/sbin/iptables ---> is the daemon.

you are incorrect. /sbin/iptables is not a daemon. when you set some rules using iptables, and then you run "ps auxww", do you see iptables running in the background?

instead of blindly pasting links to web pages, try to actually take the time to read them.

Postby x2oxen » Fri Feb 01, 2008 9:41 pm

lambda wrote: who cares what rhel/rhce/fedora say about linux? redhat is not the only linux distribution out there! i don't need to consult any "books" because i've used linux and unix since before redhat existed as a company! you know NOTHING!

I think you should know first that we are discussing a RHEL Squid issue here, not any other distribution.

lambda wrote: tell me, ox, if it's a service (or a daemon, whatever you prefer), what process runs continuously when you use iptables?

why don't you come out and actually define what a daemon (or service) is on linux? can you do that? no, you CAN'T.

I can define a daemon or service for sure, but not for you. In addition, for your information, Red Hat is calling iptables a SERVICE:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-basic-firewall-activate-iptables.html

Still don't agree? Then:

IPTABLES SERVICE
IPTABLES SERVICE
IPTABLES SERVICE

Who cares you mind that

Postby lambda » Fri Feb 01, 2008 10:25 pm

x2oxen wrote: I think you should know 1st we are discussing about RHEL squid issue here but not any other distribution.

as if squid on rhel is any different from squid on any other distribution. irrelevant!

x2oxen wrote: In edition for your information Red Hat is calling iptables a SERVICE

again with the stupid redhat definitions. just because redhat considers anything you start or stop using the "service" command a service doesn't mean it's actually a service. you can run "service ntpdate start" but there is no ntpdate service, just like there's no iptables service. you could also run "/etc/init.d/ntpdate start", because that's all that "service ntpdate start" does -- would you still claim it's a service? (knowing your lack of a logical approach to problems, probably yes.)

do you honestly believe that redhat invented the term "service"? and no, i don't believe you can define what a service or a daemon is, at least in the context of unix/linux.

x2oxen wrote: Who cares you mind that

as per my signature, you're not worth arguing with any more.

