Solved

Transparent Proxy

Posted on 2003-10-30
Last Modified: 2010-03-18
Hi,
I am a network engineer (Windows), but new to Linux. I installed Red Hat Linux 8.0 at one of my customer's sites as an internet proxy server (squid).
Now internet is working on the client machines on port 3128.

My network is like this:

2 ethernet on server
eth0 is directly connected to internet
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

I changed the squid.conf file to:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and  

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I did all the settings on the client machine, i.e.:
gateway : 192.168.20.1
subnet :203.145.6.13
             203.145.6.1

Still I am not getting internet from the transparent proxy server.

Please help me.

Hussain
0
Question by:hussain_net
11 Comments
 
LVL 3

Expert Comment

by:_tack
ID: 9650996
This line changes the destination port from 80 to 3128; it will not redirect traffic to your local proxy.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

You did read the "Transparent Proxy with Linux and Squid mini-HOWTO", right?

You just missed section 6, "Transparent Proxy to a Remote Box".

Just in case ...
http://en.tldp.org/HOWTO/TransparentProxy.html
0
 
LVL 5

Expert Comment

by:brabard
ID: 9652360
I don't clearly understand the relation between this:
"subnet : 203.145.6.13
             203.145.6.1
"
and your clients' settings?
0
 

Author Comment

by:hussain_net
ID: 9658672
Hi,

Thanks, but I still need more help.
I am using 1 computer for squid and I want to make it a TRANSPARENT PROXY (squid) as well.
2 ethernets in the proxy server (squid)
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 is connected to local network
ip : 192.168.20.1

and 5 computers (Win9x) connected to the same network.

I changed the settings in the squid.conf file:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on httpd_accel_uses_host_header on

and iptables:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Still I am not getting internet on the client computers with the transparent proxy.

Note: internet is working on the client computers on port 3128.

Please help me and write fresh iptables rules so that I can use my client computers on the transparent proxy, and tell me what changes I have to make on the other computers.
0
 
LVL 5

Expert Comment

by:brabard
ID: 9659344
"note :- internet is working in client computers on port 3128."

What do you mean? The reason for redirecting requests from port 80 to port 3128 with iptables is to transport ordinary HTTP requests with destination port 80 through squid. If your requests are coming with destination port 3128, they will go nowhere...

But I still can't understand your situation.
1. You said internet is not working on the client machines.
2. You said internet is working on port 3128 on the client machines.
???
I am confused, please tell me in detail how you configured the clients.
0
 

Author Comment

by:hussain_net
ID: 9663104
Hi,
Sorry for the confusion in my questions.
I installed Red Hat Linux 8.0 on 1 computer as an internet proxy server (squid). 2 ethernets, eth0 and eth1, are connected to this computer.
eth0 is directly connected to the internet (ISP) and eth1 is for the local network.
eth0 :-
IP : 62.11.48.42
gateway : 62.11.48.1
subnet : 203.145.6.13
             203.145.6.1
eth1 :-
ip : 192.168.20.1

On the client computers I am using Win9x, and they are connected to the 192.168.20.x network.

I started squid on the server.
After entering the proxy settings in the client's browser (http 192.168.20.1 and port 3128), internet is working (on the client computers).

Now my aim is: internet should work without changing the browser's proxy settings, and I want to redirect 3128 traffic to the local proxy.

So, what changes do I have to make in squid, and what would the iptables rules for redirection be?


Hope now you know what my problem is.

Thanking you
Hussain
0

 
LVL 5

Expert Comment

by:brabard
ID: 9665412
I understood, OK.
Basically your settings should be right, but there are 2 possible mistakes.
The first is that squid is not running in transparent mode, and the second is that something in your iptables does not allow redirection.
Try setting the proxy in the browser to 192.168.20.1:80 and see if it works.
Btw, what message does the browser return?
0
 
LVL 5

Expert Comment

by:brabard
ID: 9665427
Actually, after checking the conf, I think all you need is:

http_port 192.168.20.1:10777
acl mynet src 192.168.20.0/255.255.255.0
acl world src 0.0.0.0/0.0.0.0
http_access allow mynet
http_access deny world
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
nonhierarchical_direct off

iptables -t nat -I PREROUTING -p tcp --dport 80 -s 192.168.20.0/24 -j REDIRECT --to-port 10777

Is your config the same?
0
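Added example, not part of the original thread and not brabard's code: a Python check that the iptables REDIRECT target port is one Squid actually listens on, and that each Squid 2.x `httpd_accel_*` directive from the answer above is set on its own line. It assumes squid.conf is read one directive per line and that rules are supplied as `iptables` command or `iptables-save` text; the function names and the sample inputs are constructed for illustration.

```python
import re

# Squid 2.x transparent-mode directives as listed in the thread, one per line.
REQUIRED = {"httpd_accel_host": "virtual", "httpd_accel_port": "80",
            "httpd_accel_with_proxy": "on", "httpd_accel_uses_host_header": "on"}
# PREROUTING rule that matches TCP dport 80 and REDIRECTs to an explicit port.
RULE = re.compile(r"PREROUTING\b.*--dport\s+80\b.*REDIRECT\b.*--to-ports?\s+(\d+)")

def parse_squid(conf_text):
    """Map directive name -> list of argument lists (assumes one directive per line)."""
    directives = {}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if words:
            directives.setdefault(words[0], []).append(words[1:])
    return directives

def squid_ports(directives):
    """Listening ports from http_port ('3128' or 'ip:port'); 3128 if none is set."""
    ports = {int(a[0].rsplit(":", 1)[-1]) for a in directives.get("http_port", []) if a}
    return ports or {3128}

def redirect_ports(rules_text):
    """Target ports of REDIRECT rules for destination port 80."""
    return [int(m.group(1)) for m in map(RULE.search, rules_text.splitlines()) if m]

def check(conf_text, rules_text):
    """Return a list of problems; an empty list means config and rules agree."""
    d, problems = parse_squid(conf_text), []
    for name, want in REQUIRED.items():
        if name not in d:
            problems.append(f"{name} is not set as its own directive")
        elif d[name][-1] != [want]:
            problems.append(f"{name}: expected '{want}', found {d[name][-1]}")
    listen, targets = squid_ports(d), redirect_ports(rules_text)
    if not targets:
        problems.append("no PREROUTING REDIRECT rule for tcp dport 80")
    for port in targets:
        if port not in listen:
            problems.append(f"REDIRECT --to-port {port}, squid listens on {sorted(listen)}")
    return problems

# Constructed samples (not taken from a real host).
GOOD_CONF = ("http_port 192.168.20.1:10777\nhttpd_accel_host virtual\nhttpd_accel_port 80\n"
             "httpd_accel_with_proxy on\nhttpd_accel_uses_host_header on\n")
GOOD_RULES = "-A PREROUTING -s 192.168.20.0/24 -p tcp --dport 80 -j REDIRECT --to-port 10777"
MERGED_CONF = GOOD_CONF.replace("proxy on\nhttpd", "proxy on httpd")  # two directives on one line
STALE_RULES = "-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128"

print("\n".join(check(MERGED_CONF, STALE_RULES)))
```

On a live host the two inputs would be the contents of squid.conf and the output of `iptables-save -t nat`.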
 

Expert Comment

by:corposemalma
ID: 10570381
I'm having the same problem on SuSE 9.0.

Maybe this one can help you in some way (just to change infos):
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20908587.html

Sorry for the interruption...
If you solve it, let me know how you did it! If I can solve mine, I'll tell you how =D
0
 

Expert Comment

by:corposemalma
ID: 10587413
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14070762
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0
