Solved

iptables squid transparent

Posted on 2007-08-10
Last Modified: 2008-01-09
hi,

Please assist with what could be missing. I ran the following script and the error was returned:
I'm trying to run squid in transparent mode.

[root@proxy ~]# ./originalproxyset.sh
Warning: wierd character in interface `-p' (No aliases, :, ! or *).
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.


#!/bin/sh
# squid server IP

SQUID_SERVER="1.1.1.1"
INTERNET="eth0"
SQUID_PORT="3128"

# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
0
Question by:FrankPorter
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 19671910
Hi FrankPorter,

What's the value of SQUID_PORT (and SQUID_SERVER, while you're checking)?



Good Luck,
Kent
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 2000 total points
ID: 19672105
> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
-i $LAN_IN
but the LAN_IN variable is undefined
please define it as
SQUID_SERVER="1.1.1.1"
INTERNET="eth0"
SQUID_PORT="3128"
LAN_IN="eth1" #if it's eth1, as INTERNET is set eth0
0
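The failure identified in the accepted answer can be reproduced without touching the firewall. This is an added example, not code from the thread: it only assembles the rule's argument list and never calls iptables. The helper names `iface_arg`, `unguarded_iface` and `guarded_iface` are hypothetical.

```shell
#!/bin/sh
# Added example: show what iptables would receive when $LAN_IN is unset,
# and a guard that stops the script before any rule is loaded.

SQUID_SERVER="1.1.1.1"   # values taken from the question
SQUID_PORT="3128"

# Print the argument that follows -i, i.e. what iptables would
# treat as the interface name.
iface_arg() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-i" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Unquoted expansion, as in the original script: an unset variable
# expands to nothing, so "-p" slides into the interface position.
unguarded_iface() {
    iface_arg -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 \
        -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"
}

# Guarded: ${VAR:?msg} aborts the subshell if VAR is unset or empty,
# so the rule is never built with a missing interface.
guarded_iface() {
    (
        : "${LAN_IN:?LAN_IN is not set}"
        iface_arg -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 \
            -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"
    ) 2>/dev/null
}

# Demonstration with LAN_IN deliberately unset.
unset LAN_IN
echo "unguarded: interface argument is '$(unguarded_iface)'"
guarded_iface || echo "guarded: refused to build the rule, LAN_IN is not set"
```

In a firewall script this matters beyond the error message: a rule that fails to load is skipped while the following `LOG` and `DROP` rules still apply. Putting `set -u` at the top of the script is an alternative guard that aborts on any unset variable.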
 

Author Comment

by:FrankPorter
ID: 19672894
ravenpl,
the error has gone away, I wonder how come the squid client isn't working for transparent mode?

#!/bin/sh
# squid server IP

SQUID_SERVER="1.1.1.1"
INTERNET="eth0"
LAN_IN="eth1"
SQUID_PORT="3128"
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# To redirect all tcp connections from port 3128 to port 8080
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 3128 -j REDIRECT --to-port 8080

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP



Thanks
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 19672930
> the error has gone away, I wonder how come the squid client isn't working for transparent mode?
What do you mean?

There's something wrong with your firewall rules (the second rule appeared - why?). Is squid installed on the same machine as the firewall? Is squid on the LAN side?
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month18 days, 18 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question