Solved

Transparent Proxy

Posted on 2003-10-30
Last Modified: 2010-03-18
Hi,
I am a network engineer (Windows), but new to Linux. I installed Red Hat Linux 8.0 at one of my customer's places as an internet proxy server (squid).
Now internet is working on the client machines on port 3128.

My network is like this:

2 ethernet on server
eth0 is directly connected to internet
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

I changed the squid.conf file to

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and  

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I did all the settings on the client machine, i.e.:
gateway : 192.168.20.1
subnet :203.145.6.13
             203.145.6.1

Still I am not getting internet from the transparent proxy server.

Please help me.

Hussain
Question by:hussain_net
11 Comments
 
LVL 3

Expert Comment

by:_tack
ID: 9650996
This line changes the destination port from 80 to 3128, it will not redirect traffic to your local proxy.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

You did read the "Transparent Proxy with Linux and Squid mini-HOWTO", right?

You just missed section 6, "Transparent Proxy to a Remote Box"

Just in case ...
http://en.tldp.org/HOWTO/TransparentProxy.html
0
 
LVL 5

Expert Comment

by:brabard
ID: 9652360
I don't clearly understand the relation between this:
"subnet : 203.145.6.13
             203.145.6.1
"
and your clients settings ?
0
 

Author Comment

by:hussain_net
ID: 9658672
Hi,

Thanks, but I still need more help.
I am using 1 computer for squid and I want to make it a TRANSPARENT PROXY (squid) also
2 ethernets in the proxy server (squid)
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

and 5 computers (win9x) connected to the same network

I changed the settings in the squid.conf file:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and   iptables

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Still I am not getting internet on the client computers with the transparent proxy.

Note: internet is working on the client computers on port 3128.

Please help me and write fresh iptables rules so that I can use my client computers with the transparent proxy, and tell me what changes I have to make on the other computers.
0

 
LVL 5

Expert Comment

by:brabard
ID: 9659344
"note :- internet is working in client computers on port 3128.
 
"
What do you mean? The reason for redirecting requests from port 80 to 3128 with iptables is to transport ordinary HTTP requests with destination port 80 through squid. If your requests are coming with destination port 3128, they will go nowhere...

But I still can't understand your situation.
1. You said internet is not working on the client machines.
2. You said internet is working on port 3128 on the client machines.
???
I am confused, please tell me in detail how you configured the clients.
0
 

Author Comment

by:hussain_net
ID: 9663104
Hi,
Sorry for the confusion in my questions.
I installed Red Hat Linux 8.0 on 1 computer as an internet proxy server (squid). 2 ethernets, eth0 and eth1, are connected to this computer.
eth0 is directly connected to the internet (ISP) and eth1 is for the local network.
eth0 :-
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 :-
ip : 192.168.20.1

On the client computers I am using win9x, connected to the 192.168.20.x network.

I started squid on the server.
After entering the proxy setting in the client's browser (http 192.168.20.1 and port 3128), internet is working (on the client computers).

Now my aim is: internet should work without changing the browser's proxy settings, and I want to redirect 3128 traffic to the local proxy.

So, what changes do I have to make in squid, and what would the iptables rules for redirection be?


Hope you now know what my problem is.

Thanking you
Hussain
0
 
LVL 5

Expert Comment

by:brabard
ID: 9665412
I understood, OK.
Basically your settings have to be right, but there are 2 possible mistakes.
The first is that squid is not running in transparent mode, and the second is that something in your iptables does not allow redirection.
Try setting the proxy in the browser to 192.168.20.1:80 and see if it works.
Btw, what message does the browser return?
0
 
LVL 5

Expert Comment

by:brabard
ID: 9665427
Actually, after checking the conf, I think all you need is:

http_port 192.168.20.1:10777
acl mynet src 192.168.20.0/255.255.255.0
acl world src 0.0.0.0/0.0.0.0
http_access allow mynet
http_access deny world
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
nonhierarchical_direct off

iptables -t nat -I PREROUTING -p tcp --dport 80 -s 192.168.20.0/24 -j REDIRECT --to-port 10777

Is your config the same?
0
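The following is an added example, not part of any post in this thread: a small lint for a Squid 2.x interception setup of the kind discussed above. It checks that each `httpd_accel_*` directive starts its own line (the squid.conf lines quoted in the question put two on one line), that Squid's `http_port` matches the iptables `--to-port`, and that the proxy is not left open to every source. The function names and sample files are hypothetical and constructed for illustration.

```shell
# Added example: lint a Squid 2.x interception setup (sample data is constructed).
squid_port() {   # port from the first http_port line ("port" or "ip:port")
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$1"
}
redirect_port() {   # --to-port of the first REDIRECT rule for destination port 80
    awk '/-j REDIRECT/ && /--dport 80( |$)/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-port" || $i == "--to-ports") { print $(i + 1); exit }
    }' "$1"
}
lint_intercept() {   # prints one finding per line, nothing when consistent
    conf=$1; rules=$2
    for d in httpd_accel_host httpd_accel_port \
             httpd_accel_with_proxy httpd_accel_uses_host_header; do
        # squid.conf is line-oriented: a directive only counts at line start
        grep -Eq "^[[:space:]]*$d[[:space:]]" "$conf" || echo "missing:$d"
    done
    sp=$(squid_port "$conf"); rp=$(redirect_port "$rules")
    if [ -z "$rp" ]; then echo "no-redirect-rule"
    elif [ "$sp" != "$rp" ]; then echo "port-mismatch:squid=$sp,iptables=$rp"
    fi
    # an intercepting proxy that allows every source is an open proxy
    if grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' "$conf"
    then echo "open-acl"; fi
    return 0
}

# Constructed samples, not taken from a real host.
tmp=$(mktemp -d)
cat > "$tmp/bad.conf" <<'EOF'
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on
http_access allow all
EOF
cat > "$tmp/good.conf" <<'EOF'
http_port 192.168.20.1:10777
acl mynet src 192.168.20.0/255.255.255.0
http_access allow mynet
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
echo '-A PREROUTING -s 192.168.20.0/24 -p tcp --dport 80 -j REDIRECT --to-port 10777' > "$tmp/rules"

lint_intercept "$tmp/bad.conf" "$tmp/rules"
```

On a real host, feed it the live squid.conf and the output of `iptables-save -t nat`, which spells the option `--to-ports`; the rule parser accepts both spellings.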
 

Expert Comment

by:corposemalma
ID: 10570381
I'm having the same problem on Suse 9.0

Maybe this one can help you in some way (just to exchange info):
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20908587.html

Sorry for the interruption...
If you solve it, let me know how you did it! If I can solve mine I'll tell you how =D
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14070762
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0
