did that fix it?
You need to create an iptables rule to route the traffic. You need to specify which is INBOUND and which is OUTBOUND. Otherwise it just won't go.
P.S. And if it's transparent, good luck getting HTTPS working. :/
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.3:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Replace 192.168.1.3:3128 with your Squid Server IP:PORT (I think I typed/read it right)
Using the statement that eth1 is LAN <INTO> SQUID & eth0 is WEB <INTO> SQUID
Originally Posted by rreynolds24
do you need to do a
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
perhaps?
IIRC, the above only fixes Windows XP FTP support through Squid.
With regards to doing the iptables bit:
If I say that all port 80 traffic is redirected to the external card on port 3128, where does DansGuardian come into this?
Doesn't that listen on port 80 for traffic, so would it go to that then get forwarded, or does this iptables bit cancel out DansGuardian listening to any traffic?
If you're running DansGuardian + Squid on your proxy you need to chain them together so DansGuardian uses Squid as its upstream proxy, e.g.:
Client -> eth0:8080 -> Dansguardian -> localhost:3128 -> Squid -> eth1:Internet/LEA proxy
Geoff, I had a feeling it was that after doing some reading.
So instead of forwarding iptables to port 3128 I'd redirect to 8080 for DansG and let the programs do the rest of the forwarding?
So it would be:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080
That way any traffic coming in on eth1 (the internal card) port 80 is forwarded to eth0 (external card) port 8080, where DG will do the filtering then pass it on to Squid, which will pass it through to the internet?
Am I right in my thinking there?
Also, so that the server still has access to the net, I can just forward that to Squid or the router, can't I?
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Looks ok to me. :)
Thank you :D
What would happen to incoming traffic? As if I disable the eth1 card, I can vnc and ssh on to the server. If I enable both, I can't see the server remotely.
Would those iptables lines sort it or do I need something else?
I have the BT router forwarding ssh and vnc to eth0 on correct ports and it works when eth1 isn't operating. Plug in eth1 and it goes wrong.
I'll go put these iptables lines in and see where I get anyway, cheers again Geoff :D
Definitely getting somewhere with it. Haven't enabled transparency yet, but when I go on the server, put in the proxy in Firefox and go online, it will wait a bit then show a Squid error page saying no route to host, but has the correct IP of the external page.
What should I be looking at in Squid for it to get the route to host, or in Ubuntu networking?
Would I need the 192.168.1.2 (eth0) card to have a gateway of 192.168.1.1 (BT router)?
What should I set the eth1 gateway to? (The IP is 192.168.2.1.)
At least I can access it remotely now, so can get a bit done here instead.
Your default gateway needs to be the BT router.
You need a network route out via eth0 to the 192.168.1.0/24 network.
You need a network route out via eth1 to the 192.168.2.0/24 network.
Where would I set all that?
I know it sounds stupid, but all I know about is /etc/network/interfaces, and even in that I don't know all the options.
Sorry for being simple.
Post the output of 'route' please.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         voyager220v.hom 0.0.0.0         UG    100    0        0 eth0
And route -n is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
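
The three routing requirements listed earlier in the thread (default gateway is the BT router, a route via eth0 to 192.168.1.0/24, a route via eth1 to 192.168.2.0/24) can be checked mechanically against `route -n` output. This is an added example, not something posted in the thread; the function name `check_routes` and its argument order are made up for illustration, and it assumes /24 networks as in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `route -n` text on stdin and
# checks the three routes the thread asks for.
# Usage: check_routes GATEWAY WAN_IF WAN_NET LAN_IF LAN_NET
# Assumption: both networks are /24 (255.255.255.0), as in the thread.
check_routes() {
    awk -v gw="$1" -v wif="$2" -v wnet="$3" -v lif="$4" -v lnet="$5" '
        # Data rows have 8 columns and start with a dotted address;
        # this skips the two header lines.
        NF == 8 && $1 ~ /^[0-9]+\./ {
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/) {
                # Default route: must point at the router on the WAN side.
                ndef++
                if ($2 == gw && $8 == wif) def_ok = 1
                else bad = bad sprintf("FAIL default route via %s on %s\n", $2, $8)
            } else if ($2 == "0.0.0.0" && $3 == "255.255.255.0") {
                # Directly connected network: no gateway hop.
                if ($1 == wnet && $8 == wif) wan_ok = 1
                if ($1 == lnet && $8 == lif) lan_ok = 1
            }
        }
        END {
            printf "%s", bad
            if (!def_ok) { print "FAIL no default route via " gw " on " wif; rc = 1 }
            # A second default route (for instance when both interfaces are
            # given a gateway) makes the outbound path ambiguous.
            if (ndef > 1) { print "FAIL " ndef " default routes; keep only one"; rc = 1 }
            if (!wan_ok) { print "FAIL no connected route to " wnet "/24 on " wif; rc = 1 }
            if (!lan_ok) { print "FAIL no connected route to " lnet "/24 on " lif; rc = 1 }
            if (!rc) print "OK routes match"
            exit rc + 0
        }'
}

# The `route -n` output as posted in the thread.
POSTED='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0'

printf '%s\n' "$POSTED" | check_routes 192.168.1.1 eth0 192.168.1.0 eth1 192.168.2.0
```

On the live box the same check is `route -n | check_routes 192.168.1.1 eth0 192.168.1.0 eth1 192.168.2.0`; the posted table passes all three checks.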