squid as transparent in RHEL 4

Protecting your Linux box

Postby x2oxen » Sat Feb 02, 2008 2:13 am

I will say again: according to the RHEL manuals and books that I have explored, they call it by the name "iptables service" in many places. I totally understand the logic that you are giving and totally understand what a daemon is, but are you asking me to accept that the RHEL people are stupid enough to call it a service?

I talked with you along with references; here I give you again where the author names it as a service.
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-basic-firewall-activate-iptables.html

Activating the iptables Service!

Now you want me to refuse this whole enterprise distribution???

And yes, no more arguing on that, because I am totally convinced by your signature!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Postby majidnazeer » Sat Feb 02, 2008 9:13 am

AoA!

I got these rules from the command "iptables -t nat -L".

Code: Select all

target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 194.9.100.0 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Thanks

Postby x2oxen » Sat Feb 02, 2008 3:34 pm

Your rules seem pretty much OK; these should work out.

Postby majidnazeer » Mon Feb 04, 2008 12:23 pm

But it does not work as a transparent proxy.

Thanks

Postby mudasir » Fri Feb 08, 2008 3:10 am

AOA,

I beg you guys, please don't fight... I am sorry that I mistakenly wrote something that I should not have written without doing complete research on that. I can never argue with Mr. Lambda as he is very much senior and has more experience than me.

I am sorry again; all this started because of me.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Postby lambda » Mon Feb 11, 2008 3:56 pm

it's all very simple.

smtp is a service, and sendmail (or postfix) is its server and outlook is its client.
http is a service, and apache (or iis) is its server and firefox is its client.
snmp is a service, and snmpd is its server and snmpnetstat is its client.
iptables is a service, and _____ is its server, and ____ is its client.

can anyone fill in the blanks with something reasonable?

iptables is not a service, just like "mv" or "ls" aren't services.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

Postby mahin » Mon Feb 11, 2008 7:45 pm

I do not see any fight except that lambda is bent upon making what they say " Demagh - ki - Dahi " :). What he is saying is correct yet you guys are also not wrong in quoting what you read.

I am not a guru like lambda still I can try to give you guys a hint.

iptables is user-level access to change the filtering mechanism of the kernel, and remember the kernel is not a daemon :) [a daemon runs over some kernel, and if we say the kernel is a daemon, then what does the kernel run over? :)]

Now if someone would make a "Lassi" of that "Dahi", then some butter would come up :).

Google is your friend!

mudasir wrote:
AOA,

I beg you guys, please don't fight...

Postby x2oxen » Mon Feb 11, 2008 11:58 pm

Wow mahin, dimag--->dahi--->lassi+makhan

You are going in a perfect sequence. I think you must be working on candiland milki linux :P

Postby mudasir » Tue Feb 12, 2008 4:05 am

AOA,

Dear majidnazeer,

In your squid.conf file, try to add these lines. The configuration below is made on the assumption that Squid is running on port 8080 and is on the same machine.

Code: Select all

# Intercept (transparent) listener for the port-80 traffic redirected by iptables
http_port 8080 transparent
# Accelerator-mode listener on port 80 with virtual host/port handling
http_port 80 vport vhost


Then run these iptables rules.

Code: Select all

#!/bin/sh
# LAN-facing interface and Internet-facing interface
NETWORK="eth0"
INTERNET="eth1"
# LAN range whose web traffic is to be intercepted
LOC_IP="192.168.0.1/24"

# Let the box forward packets between the two interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward

# NAT everything leaving via the Internet-facing interface
iptables -t nat -A POSTROUTING -o "$INTERNET" -p ALL -j MASQUERADE
# Divert LAN web traffic arriving on the LAN interface to Squid on port 8080
iptables -t nat -A PREROUTING -i "$NETWORK" -s "$LOC_IP" -p tcp --dport 80 -j REDIRECT --to-port 8080
# Same for UDP port 80 (Squid only serves TCP, so this rule sees no proxy traffic)
iptables -t nat -A PREROUTING -i "$NETWORK" -s "$LOC_IP" -p udp --dport 80 -j REDIRECT --to-port 8080

Do let us know if it works for you or not.
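Added example, not code from the thread: a small POSIX shell audit helper that parses `iptables -t nat -L -n` output of the kind majidnazeer pasted and checks for the two things mudasir's rules set up, a PREROUTING REDIRECT of tcp/80 to Squid and a MASQUERADE rule restricted to the LAN instead of open to any source. It assumes Squid listens on 8080 as in the thread; the embedded sample listing is constructed.

```shell
#!/bin/sh
# Audit helper (added example, not from the thread): checks a nat-table
# listing for a PREROUTING REDIRECT of tcp/80 to Squid's port and for a
# MASQUERADE rule that is scoped to a source range rather than 0.0.0.0/0.
# Assumption: Squid listens on 8080, as in the thread.
SQUID_PORT="${SQUID_PORT:-8080}"

# Constructed sample listing, modelled on the one posted in the thread
# (numeric output, so the port shows as 80 instead of http).
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.0.0/24       0.0.0.0/0            tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  192.168.0.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# has_redirect LISTING: succeeds if PREROUTING redirects tcp port 80 to $SQUID_PORT.
has_redirect() {
  printf '%s\n' "$1" | awk -v port="$SQUID_PORT" '
    /^Chain / { chain = $2 }
    chain == "PREROUTING" && $1 == "REDIRECT" && $2 == "tcp" &&
      / dpt:(80|http) / && $NF == port { found = 1 }
    END { exit found ? 0 : 1 }'
}

# masq_scoped LISTING: succeeds only if no POSTROUTING MASQUERADE rule
# matches any source address (0.0.0.0/0 or "anywhere").
masq_scoped() {
  printf '%s\n' "$1" | awk '
    /^Chain / { chain = $2 }
    chain == "POSTROUTING" && $1 == "MASQUERADE" &&
      ($4 == "0.0.0.0/0" || $4 == "anywhere") { open = 1 }
    END { exit open ? 1 : 0 }'
}

# audit_live: run both checks plus ip_forward against the running box (needs root).
audit_live() {
  listing=$(iptables -t nat -L -n) || return 2
  has_redirect "$listing" || { echo "no REDIRECT of tcp/80 to $SQUID_PORT in PREROUTING"; return 1; }
  masq_scoped "$listing" || { echo "MASQUERADE rule is not restricted to a source range"; return 1; }
  [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "ip_forward is off"; return 1; }
  echo "transparent proxy plumbing looks complete"
}

# Self-check on the constructed sample when the script is run directly.
has_redirect "$SAMPLE_NAT" && masq_scoped "$SAMPLE_NAT" && echo "sample listing passes both checks"
```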

Postby x2oxen » Tue Feb 12, 2008 5:26 am

mudasir wrote: AOA,

Code: Select all

http_port 8080 transparent
http_port 80 vport vhost

I consider that he is using Squid 2.5 stable 6, which comes built in with RHEL 4, so those options won't work. He has to use the httpd_accelerator options for making it transparent.

Postby mudasir » Tue Feb 12, 2008 5:27 am

AOA,

Dear Usman,

In his first post he stated

I installed squid 2.6 stable 17 on RHEL 4. But squid does not run as a transparent proxy, whereas when I installed the same squid on Fedora 2 it worked fine as a transparent proxy or proxy.

Postby x2oxen » Tue Feb 12, 2008 7:05 am

Sorry, forgot about that! Then, as far as I can guess, he must have made some mistake while compiling the source code. Why doesn't he give the output of

Code: Select all

squid -v

Postby nomankhn » Sat Feb 16, 2008 2:36 pm

Dear usman,

Your experience is good enough, but before replying to a thread, read the complete post, test it, and then send it. I am sure you are good enough and post very good threads, and your suggestions are really meaningful for us, but at least first check at your side.

Regards,
Noman Liaquat

