Wireless Networks Thread, Filtering wireless with Dansguardian (ruckus and dlink) in Technical
  1. #16

    Matt, at the moment I am thinking that the only way to do this is, as you say, to get the students or guests to input the proxy settings. Which isn't ideal, hence me having a go at the transparent proxy. Hopefully I am wrong and Stuart or one of the other Ruckus experts will just point out the error of my ways ;-).

    I was expecting the Ruckus ACL to have some sort of Network Address Translation to it but it seems to just be filtering.

  2. #17

    Fingers crossed somebody will have an answer on how to do this... what I think is missing from the console, and hopefully can be included in a future update, is a proxy forwarder.

    Hopefully there is a way around it!

    Cheers

    Matt

  3. #18


    tom_newton
    Try using DHCP to push out a proxy.pac - might work for a good handful of users, the rest can type it in.

  4. #19
    Cools
    Iptables configuration
    Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:

    Code:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    Here is the complete shell script. The script first configures the Linux system as a router and forwards all HTTP requests to port 3128 (Download the fw.proxy shell script):

    Code:
    #!/bin/sh
    # squid server IP
    SQUID_SERVER="192.168.1.1"
    # Interface connected to Internet
    INTERNET="eth0"
    # Interface connected to LAN
    LAN_IN="eth1"
    # Squid port
    SQUID_PORT="8080"
    # DO NOT MODIFY BELOW
    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    #modprobe ip_nat_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow UDP, DNS and Passive FTP
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # DROP everything and Log it
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP
    Save the shell script. Execute the script so that the system will act as a router and forward the ports:

    Code:
     chmod +x /etc/fw.proxy
     /etc/fw.proxy
     service iptables save
     chkconfig iptables on
    Start or Restart the squid:

    Code:
     /etc/init.d/squid restart
     chkconfig squid on
    Desktop / Client computer configuration
    Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to set up individual browsers to work with proxies.

  5. Thanks to Cools from:

    Shorty (29th August 2009)
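
Added example, not part of Cools's post or of the how-to it quotes: the two one-line rules above send port 80 to 3128 on one interface and 8080 on the other, while the script sets SQUID_PORT to 8080, so a check that every intercept rule lands on the port the filter actually listens on is worth running after loading the rules. The function names are hypothetical, the sample rule dump is constructed, and 8080 as the expected port is an assumption taken from the script's SQUID_PORT.

```shell
#!/bin/sh
# Constructed sample: the nat table as iptables-save would print it after the
# two one-line rules quoted in the post (not captured from a real host).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Hypothetical helper: print "<in-interface> <target> <port>" for every
# PREROUTING rule that intercepts TCP port 80.
intercepts() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        iface = "any"; dport = ""; target = ""; dest = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-destination" || $i == "--to-ports") dest = $(i + 1)
        }
        if (dport != "80" || (target != "DNAT" && target != "REDIRECT")) next
        sub(/^.*:/, "", dest)   # ip:port -> port
        print iface, target, dest
    }'
}

# Hypothetical helper: exit 0 only if every intercept lands on port $1.
check_proxy_port() {
    intercepts | awk -v want="$1" '
        $3 != want { printf "MISMATCH %s %s -> %s (expected %s)\n", $1, $2, $3, want; bad = 1 }
        END { exit bad + 0 }'
}

# 8080 is SQUID_PORT from the script in the post; on a live gateway run
#   iptables-save -t nat | check_proxy_port 8080
sample_rules | check_proxy_port 8080 || echo "port 80 is not sent to one consistent proxy port"
```

A non-zero exit means some clients would be redirected to a port where the content filter is not listening, or past the filter straight to the cache.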

  6. #20

    Thanks for the help Cools

    Can I just clarify: is the following added to the iptables or iptables-config file?
    Code:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

  7. #21

    Just found this How-To for the transparent proxy

    Linux: Setup a transparent proxy with Squid in three easy steps

    I think it's the full ver of Cools' paste. Still unsure though if I am editing iptables or iptables-config.

    I had forgotten the DG box only has one network card, so going to have to pop another in.
