Solved

Transparent Proxy

Posted on 2003-10-30
Last Modified: 2010-03-18
Hi,
I am a network engineer (Windows), but new to Linux. I installed Red Hat Linux 8.0 at one of my customer's sites as an internet proxy server (Squid).
Now the internet is working on the client machines on port 3128.

My network is like this:

2 ethernet on server
eth0 is directly connected to internet
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

I changed the squid.conf file to

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and  

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I did all the settings on the client machine, i.e.:
gateway : 192.168.20.1
subnet :203.145.6.13
             203.145.6.1

Still I am not getting internet from the transparent proxy server.

Please help me.

Hussain
0
Comment
Question by:hussain_net
11 Comments
 
LVL 3

Expert Comment

by:_tack
ID: 9650996
This line changes the destination port from 80 to 3128; it will not redirect traffic to your local proxy.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

You did read the "Transparent Proxy with Linux and Squid mini-HOWTO", right?

You just missed section 6, "Transparent Proxy to a Remote Box".

Just in case ...
http://en.tldp.org/HOWTO/TransparentProxy.html
0
 
LVL 5

Expert Comment

by:brabard
ID: 9652360
I don't clearly understand the relation between this:
"subnet : 203.145.6.13
             203.145.6.1
"
and your clients' settings?
0
 

Author Comment

by:hussain_net
ID: 9658672
Hi,

Thanks, but I still need more help.
I am using 1 computer for Squid and I want to make it a TRANSPARENT PROXY (Squid) also.
2 ethernets in the proxy server (Squid)
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

and 5 computers (Win9x) connected to the same network.

I changed the settings in the squid.conf file:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and iptables

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Still I am not getting internet on the client computers with the transparent proxy.

Note: internet is working on the client computers on port 3128.

Please help me and write fresh iptables rules so that I can use my client computers with the transparent proxy, and tell me what changes I have to make on the other computers.
0

 
LVL 5

Expert Comment

by:brabard
ID: 9659344
"note :- internet is working in client computers on port 3128."

What do you mean? The reason for redirecting requests with iptables from port 80 to port 3128 is to transport ordinary HTTP requests with destination port 80 through Squid. If your requests are coming with destination port 3128, they will go nowhere...

But I still can't understand your situation.
1. You said internet is not working on the client machines.
2. You said internet is working on port 3128 on the client machines.
???
I am confused, please tell me in detail how you configured the clients.
0
 

Author Comment

by:hussain_net
ID: 9663104
Hi,
Sorry for the confusion in my questions.
I installed Red Hat Linux 8.0 on 1 computer as an internet proxy server (Squid). 2 ethernets, eth0 and eth1, are connected to this computer.
eth0 is directly connected to the internet (ISP) and eth1 is for the local network.
eth0 :-
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 :-
ip : 192.168.20.1

On the client computers I am using Win9x, connected to the 192.168.20.x network.

I started Squid on the server.
After entering the proxy setting in the client's browser (http 192.168.20.1 and port 3128), internet is working (on the client computers).

Now my aim is: internet should work without changing the browser's proxy settings, and I want to redirect 3128 traffic to the local proxy.

So, what changes do I have to make in Squid, and what would the iptables rules for redirection be?


Hope you now know what my problem is.

Thanking you
Hussain
0
 
LVL 5

Expert Comment

by:brabard
ID: 9665412
I understood, OK.
Basically your settings have to be right, but there are 2 possible mistakes.
The first is that Squid is not running in transparent mode, and the second is that something in your iptables does not allow redirection.
Try setting the proxy in the browser to 192.168.20.1:80 and see if it works.
Btw, what message does the browser return?
0
 
LVL 5

Expert Comment

by:brabard
ID: 9665427
Actually, after checking the conf, I think all you need is:

http_port 192.168.20.1:10777
acl mynet src 192.168.20.0/255.255.255.0
acl world src 0.0.0.0/0.0.0.0
http_access allow mynet
http_access deny world
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
nonhierarchical_direct off

iptables -t nat -I PREROUTING -p tcp --dport 80 -s 192.168.20.0/24 -j REDIRECT --to-port 10777

Is your config the same ?
0
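An added example, not part of the original thread or any poster's code: a shell check that the port in the nat REDIRECT rule for tcp/80 matches Squid's http_port, and that no httpd_accel_* directive is glued onto another directive's line (squid.conf takes one directive per line). The sample squid.conf and iptables-save text are constructed from values quoted in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (built from values in this thread, not from a real host).
SAMPLE_CONF='http_port 192.168.20.1:10777
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on'
SAMPLE_RULES='*nat
-A PREROUTING -s 192.168.20.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Port Squid listens on: first http_port line, with any leading "ip:" stripped.
squid_http_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }'
}

# Port that tcp/80 is redirected to in PREROUTING (iptables-save format;
# accepts both --to-ports and the abbreviated --to-port).
redirect_port() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "PREROUTING" && / -j REDIRECT / {
            p80 = 0; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == "80") p80 = 1
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (p80 && to != "") { print to; exit }
        }'
}

# httpd_accel_* names that are not the first word of their (non-comment) line.
glued_directives() {
    printf '%s\n' "$1" | awk '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i ~ /^httpd_accel_/) print $i }'
}

# Print one finding per line; return 0 only when there are none.
check_transparent() {
    conf=$1; rules=$2; findings=
    sp=$(squid_http_port "$conf"); rp=$(redirect_port "$rules")
    [ -n "$rp" ] || findings="${findings}no REDIRECT rule for tcp/80 in PREROUTING
"
    [ -z "$rp" ] || [ "$sp" = "$rp" ] || findings="${findings}REDIRECT goes to $rp but squid listens on ${sp:-nothing}
"
    for d in $(glued_directives "$conf"); do
        findings="${findings}$d shares a line with another directive
"
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
}

check_transparent "$SAMPLE_CONF" "$SAMPLE_RULES" || echo "fix the findings above"
```

On a live host, pass the contents of squid.conf and the output of `iptables-save -t nat` instead of the constructed samples.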
 

Expert Comment

by:corposemalma
ID: 10570381
I'm having the same problem on SuSE 9.0.

Maybe this one can help you in some way (just to exchange info):
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20908587.html

Sorry for the interruption...
If you solve it, let me know how you did it! If I manage to solve mine, I'll tell you how =D
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14070762
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0
