Transparent Proxy

Transparent Proxy

Post by shakirz1 »

I am using Linux RH 9 with Squid 2.5.

I am facing a problem with transparent proxy. I also checked the previously posted answer at this link http://www.linuxpakistan.net/forum2x/vi ... ransparent
and did as described in that topic, but the problem is still the same.

I have already done this transparent proxy in Linux 7.3 with Squid 2.4 and it's working fine, but not in RH 9 with Squid 2.5.

I did this thing in squid.

* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on

with iptables

echo > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "

I also log all transparent requests in the /var/log/messages file, but no entry appears there. It means it is not a Squid problem, because the request is not going to the NAT table. Maybe I am making a mistake in the logging. Please help me.

Re:

Post by LinuxFreaK »

Dear
Salam,
echo > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "
I think you forgot something :)

echo "1" > /proc/sys/net/ipv4/ip_forward

Best Regards.
Farrukh Ahmed

Transparent Proxy

Post by shakirz1 »

No Sir,

it was a typing mistake. I put this in my script

echo 1 > /proc/sys/net/ipv4/ip_forward

but it is not working.

Try this

Post by s7r1k3r »

Assalam-O-Alaekum!

Try auto-configuring clients using DHCP, or at least set the gateway IP to the proxy server. If all this fails, you can try IPCop, which does all of this. It's really small and easy to set up. Once done, you can check the configuration of the IPCop system and tally it with your existing one to find out what you are missing.
a10n3 s7r1k3r

Transparent Proxy

Post by shakirz1 »

I am also using DHCP to auto-assign the IP, gateway and DNS of my server to clients. This setup was also working fine in 7.3 but not in 9. I also tried this in RH ES 2.1 and it is working fine.

Check for firewall.

Post by s7r1k3r »

First check if iptables (firewall) is running

service iptables status

If it is, then its rules might be giving you problems. Try turning it off.

service iptables stop
a10n3 s7r1k3r

Transparent Proxy

Post by shakirz1 »

First I stop the firewall and put a manual proxy in IE, then Squid is running, but when I remove the manual proxy and put the firewall rule on Linux it does not work.


#------ for transparent proxy
service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I also stopped this service, and to check in the log whether NAT is working or not I put in this rule.

service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "checking transparent : "

but no log shows in /var/log/messages

Please help me.

Re:

Post by LinuxFreaK »

Dear shakirz1,
Salam,
service iptables stop
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


I don't know why you stop the iptables service and still want to do IP NATing. Please start your iptables service.

# service iptables start

and also check the below link.

http://iptables-tutorial.frozentux.net/ ... orial.html

Best Regards.
Farrukh Ahmed

Transparent Proxy

Post by shakirz1 »

Because s7r1k3r told me to stop the firewall script, I stopped the iptables script and then ran the transparent proxy script. After that this script did not work, so then I tried to NAT packets to the log.

Post by zaeemarshad »

No shakirz1, you can't apply the rules and expect them to work when the service is stopped. What you should do is

service iptables start
apply your rule
iptables-save

That's it. That will solve your problem. Optionally you can put the rule in /etc/rc.local

cheers
zaeem

Post by sarbazix »

I have installed Linux 8.0 with Squid/2.4.STABLE7 and the internet is connected on Radio 128

My clients are connected through eth1 192.168.0.1 and eth0 is on Radio

My rc.local


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward

But then also it's not working. I have also tried with masquerade

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

It was working fine before, but somehow my system crashed and now it's not working, don't know why... :?

Any comments???

Regards
tAh|R Sarbazi

Re:

Post by LinuxFreaK »

Dear sarbazix,
Salam,

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

http://en.tldp.org/HOWTO/TransparentProxy.html

Best Regards.
Farrukh Ahmed
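
Three things in the rules posted in this thread can be checked mechanically: a LOG rule placed after REDIRECT in the same chain (REDIRECT is a terminating target, so a later LOG rule with the same match is never reached), a redirect bound to an interface other than the client-facing one, and a redirect port that differs from the port Squid listens on. The following is an added example, not code from any poster: a POSIX shell function that audits `iptables-save -t nat` text; the name `audit_nat_rules`, its finding labels and the sample ruleset are constructed for illustration.

```shell
# Added example: audit nat PREROUTING rules for port-80 interception.
# stdin: `iptables-save -t nat` text; $1: client-facing interface; $2: Squid port.
audit_nat_rules() {
  awk -v lan="$1" -v port="$2" '
    # Value following option "opt" in rule text r, or "" if absent.
    function optval(r, opt,    n, f, i) {
      n = split(r, f, " ")
      for (i = 1; i < n; i++) if (f[i] == opt) return f[i + 1]
      return ""
    }
    /^-A PREROUTING / && /-p tcp/ && optval($0, "--dport") == "80" {
      iface  = optval($0, "-i")
      target = optval($0, "-j")
      if (target == "REDIRECT") {
        seen = 1
        redirected[iface] = 1
        # iptables-save prints --to-ports; typed rules often use --to-port.
        to = optval($0, "--to-ports")
        if (to == "") to = optval($0, "--to-port")
        if (iface != lan) print "WRONG_IFACE " iface
        if (to != port)   print "PORT_MISMATCH " to
      } else if (target == "LOG" && (iface in redirected)) {
        # An earlier REDIRECT already ended traversal for these packets.
        print "LOG_UNREACHABLE " iface
      }
    }
    END { if (!seen) print "NO_REDIRECT" }
  '
}

# Constructed sample: the rule order from the first post, in iptables-save form.
audit_nat_rules eth0 3128 <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "Transparent Proxy Done : "
COMMIT
EOF
```

On a live box the input would come from `iptables-save -t nat | audit_nat_rules <client-interface> <squid-port>`; an empty result means none of the three conditions was found.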