Squid transparent proxying (*nix thread, page 3 of 4, posts 31 to 45 of 47)
  1. #31
    mitcheln
    Originally Posted by rreynolds24
    do you need to do a
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    perhaps?

    did that fix it?

  2. #32
    ahuxham
    You need to create an IP tables rule to route the traffic. You need to specify which is INBOUND and which is OUTBOUND. Otherwise it just won't go.

    P.S. And if it's transparent, good luck getting HTTPS working. :/

  3. #33
    ahuxham
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.3:3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    Replace 192.168.1.3:3128 with your Squid Server IP:PORT (I think I typed/read it right)

    Using the statement that eth1 is LAN <INTO> SQUID & eth0 is WEB <INTO> SQUID

  4. Thanks to ahuxham from:

    MK-2 (23rd May 2008)

  5. #34
    ahuxham
    Originally Posted by rreynolds24
    do you need to do a
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    perhaps?

    IIRC, the above only fixes Windows XP FTP support through Squid.

  6. #35

    MK-2
    With regard to doing the iptables bit:
    If I say that all port 80 traffic is redirected to the external card on port 3128, where does DansGuardian come into this?
    Doesn't that listen on port 80 for traffic, so would it go to that then get forwarded, or does this iptables bit cancel out DansGuardian listening to any traffic?

  7. #36

    Geoff
    If you're running DansGuardian + Squid on your proxy you need to chain them together so DansGuardian uses Squid as its upstream proxy, e.g.:

    Client -> eth0:8080 -> Dansguardian -> localhost:3128 -> Squid -> eth1:Internet/LEA proxy

  8. Thanks to Geoff from:

    MK-2 (23rd May 2008)

  9. #37

    MK-2
    Geoff, I had a feeling it was that after doing some reading.
    So instead of forwarding iptables to port 3128 I'd redirect to 8080 for DansG and let the programs do the rest of the forwarding?
    So it would be:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080

    That way any traffic coming in on eth1 (the internal card) port 80 is forwarded to eth0 (external card) port 8080 where DG will do the filtering then pass it on to Squid, which will pass it through to the internet?
    Am I right in my thinking there?

    Also, so that the server still has access to the net, I can just forward that to Squid or the router, can't I?
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

  10. #38

    Geoff
    Looks ok to me.
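
As an added example (not part of any post in this thread), the script below answers the question from post #35 mechanically: it reads `iptables -t nat -S PREROUTING` output and reports where port-80 traffic entering on an interface is sent by the first matching rule, so a LAN rule that lands on Squid's 3128 instead of DansGuardian's 8080 shows up as a filter bypass. The function names and the two sample rule sets (the thread's rules rendered in `-S` form) are constructed for illustration, and only the `-i` and `--dport` matches are evaluated.

```shell
#!/bin/sh
# Added example. Input on stdin: rules as printed by `iptables -t nat -S PREROUTING`.
# The nat table is walked top to bottom and the first matching DNAT/REDIRECT
# rule decides the destination. Simplification: only -i and --dport are evaluated.

# http_target IFACE: print "PORT" or "IP:PORT" chosen for TCP port 80 arriving
# on IFACE, or "none" when no rule intercepts it.
http_target() {
    awk -v ifc="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
        in_if = ""; dport = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination" || $i == "--to-ports") to = $(i + 1)
        }
        # A rule without -i applies to every interface.
        if ((in_if == "" || in_if == ifc) && dport == "80" && to != "") {
            print to; found = 1; exit
        }
    }
    END { if (!found) print "none" }'
}

# lan_is_filtered IFACE FILTER_PORT: exit 0 only if HTTP from IFACE lands on the
# content filter port (DansGuardian, 8080 in this thread) and not on Squid.
lan_is_filtered() {
    case "$(http_target "$1")" in
        "$2" | *:"$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: the rules from posts #33 and #37 in `-S` form.
RULES_POST33='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.3:3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'
RULES_POST37='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

for r in "$RULES_POST33" "$RULES_POST37"; do
    target=$(printf '%s\n' "$r" | http_target eth1)
    if printf '%s\n' "$r" | lan_is_filtered eth1 8080; then v="filtered"; else v="BYPASSES the filter"; fi
    echo "eth1:80 -> $target ($v)"
done
```

On a live box the same functions can be fed from `iptables -t nat -S PREROUTING` run as root.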

  11. #39

    MK-2
    Thank you

    What would happen to incoming traffic? As if I disable the eth1 card, I can vnc and ssh on to the server. If I enable both, I can't see the server remotely.
    Would those iptables lines sort it or do I need something else?
    I have the BT router forwarding ssh and vnc to eth0 on correct ports and it works when eth1 isn't operating. Plug in eth1 and it goes wrong.

    I'll go put these iptables lines in and see where I get anyway, cheers again Geoff

  12. #40

    Geoff
    Originally Posted by MK-2
    Thank you

    What would happen to incoming traffic? As if I disable the eth1 card, I can vnc and ssh on to the server. If I enable both, I can't see the server remotely.
    Would those iptables lines sort it or do I need something else?
    I have the BT router forwarding ssh and vnc to eth0 on correct ports and it works when eth1 isn't operating. Plug in eth1 and it goes wrong.

    I'll go put these iptables lines in and see where I get anyway, cheers again Geoff

    Is the firewall dropping incoming packets on eth1?

  13. #41

    MK-2
    Definitely getting somewhere with it. Haven't enabled transparency yet, but when I go on the server, put in the proxy in Firefox and go online, it will wait a bit then show a Squid error page saying no route to host, but has the correct IP of the external page.

    What should I be looking at in Squid for it to get the route to host, or in Ubuntu networking?
    Would I need the 192.168.1.2 (eth0) card to have gateway of 192.168.1.1 (BT router)?
    What should I set the eth1 gateway to (the IP is 192.168.2.1)?

    At least I can access it remotely now so can get a bit done here instead.

  14. #42

    Geoff
    Your default gateway needs to be the bt router.
    You need a network route out via eth0 to the 192.168.1.0/24 network.
    You need a network route out via eth1 to the 192.168.2.0/24 network.

  15. #43

    MK-2
    Where would I set all that?
    I know it sounds stupid, but all I know about is /etc/network/interfaces and even in that I don't know all the options.

    Sorry for being simple.

  16. #44

    Geoff
    Post the output of 'route', please.

  17. #45

    MK-2
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
    localnet        *               255.255.255.0   U     0      0        0 eth0
    link-local      *               255.255.0.0     U     1000   0        0 eth0
    default         voyager220v.hom 0.0.0.0         UG    100    0        0 eth0

    and route -n is:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
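
An added example, not from any poster: a check of `route -n` output against the three routes listed in post #42, run on the table from post #45. The function name and argument order are this example's own, and both networks are assumed to be /24 as in the thread.

```shell
#!/bin/sh
# Added example. Reads a `route -n` table on stdin.

# check_routes GW WAN_IF WAN_NET LAN_IF LAN_NET
# Prints one line per missing route; exit status is 0 only if none is missing.
check_routes() {
    awk -v gw="$1" -v wan_if="$2" -v wan_net="$3" -v lan_if="$4" -v lan_net="$5" '
    # Data rows have 8 columns and start with a dotted address (skips headers).
    NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        dest = $1; via = $2; mask = $3; flags = $4; ifc = $8
        # Default route: destination and mask 0.0.0.0 with the G flag set.
        if (dest == "0.0.0.0" && mask == "0.0.0.0" && flags ~ /G/ &&
            via == gw && ifc == wan_if) ok_gw = 1
        # Directly connected /24: gateway 0.0.0.0, mask 255.255.255.0.
        if (via == "0.0.0.0" && mask == "255.255.255.0") {
            if (dest == wan_net && ifc == wan_if) ok_wan = 1
            if (dest == lan_net && ifc == lan_if) ok_lan = 1
        }
    }
    END {
        if (!ok_gw)  { print "missing: default via " gw " on " wan_if; bad++ }
        if (!ok_wan) { print "missing: " wan_net "/24 on " wan_if; bad++ }
        if (!ok_lan) { print "missing: " lan_net "/24 on " lan_if; bad++ }
        exit (bad > 0)
    }'
}

# Table copied from the `route -n` output in post #45.
ROUTES_POST45='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0'

printf '%s\n' "$ROUTES_POST45" |
    check_routes 192.168.1.1 eth0 192.168.1.0 eth1 192.168.2.0 &&
    echo "all three routes present"
```

On the posted table all three checks pass.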
