hey friends,
I am trying to configure Squid Transparent Proxy on Centos4.0. The eth0 is connected to the Internet and eth1 is for the LAN connection. I am testing this scenario with 2 machines: one machine (Centos4.0) on which squid is running, and the other machine, which is Debian, is on the network 192.168.2.0.
Centos4.0 eth0: 192.168.1.125/24 eth1: 192.168.2.126/24
Debian: eth0: 192.168.2.83/24 gateway: 192.168.2.126/24 (eth1 of Centos)
Squid works fine if I manually add the proxy settings in any browser for the clients of network (192.168.1.0), but as I want to configure a transparent proxy I have added these lines to squid.conf:
http_port 5678
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
iptables configuration: only one rule is there:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5678
I can access the LAN servers from the Debian machine but I am not able to access the internet.
Any pointers on what the problem could be?
Please let me know if you need any other inputs.
Thanks & Regards
Ankush Grover
The only difference I can see with my configuration is
iptables -A PREROUTING -t nat -s 10.1.1.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
As you can see, I have the -s option enabled. I just wonder if you are creating a loop and making squid go back to itself when "he" wants to go for the webpage?
regards,
Guillermo.
hey,
Thanks for the point. I had given this entry in the iptables before eliminating this entry with the entry below
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5678
The only difference I can see in your command is that PREROUTING comes before nat. I will try the below and let you know the results.
iptables -A PREROUTING -t nat -s 10.1.1.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
Thanks & Regards
Ankush Grover
On 7/22/06, ankush grover ankushcentos@gmail.com wrote:
hey,
I changed the settings for iptables; below is the iptables entry:
iptables -A PREROUTING -t nat -s 192.168.2.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 5678
But still I am not able to access Internet from the 192.168.3.0/24 network. Some of the logs of iptables connection ( /proc/net/ip_connectrack):
udp 17 27 src=192.168.2.83 dst=202.54.15.30 sport=32835 dport=53 packets=2 bytes=148 [UNREPLIED] src=202.54.15.30 dst=192.168.2.83 sport=53 dport=32835 packets=0 bytes=0 use=1
tcp 6 431964 ESTABLISHED src=192.168.2.83 dst=192.168.1.125 sport=32794 dport=22 packets=1110 bytes=73521 src=192.168.1.125 dst=192.168.2.83 sport=22 dport=32794 packets=940 bytes=262374 [ASSURED] use=1
Machine configurations are below:
Centos4.0 eth0: 192.168.1.125/24 eth1: 192.168.2.126/24
Debian: eth0: 192.168.2.83/24 gateway: 192.168.2.126/24 (eth1 of Centos)
I am still not able to guess which transparent proxy is not working.
Any other pointers?
Thanks & Regards
Ankush Grover
Can you see a connection being made? Check your logs, use netstat and try to connect from the command line with tcptrace or some other such proxy_aware command line application. Debugging/log-checking is always preferable to guessing.
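A small triage helper for the connection-tracking entries posted earlier in the thread, added here as an illustration and not written by anyone in the thread: it parses ip_conntrack lines and reports which flows from the client never got a reply, and whether the client opened any port-80 flow, which is the only traffic the REDIRECT rule matches. The function names are made up for this example; the sample input is the two posted entries, one per line.

```python
import re

# The two entries posted in the thread, one per line, with the missing
# space in "dst=192.168.2.83sport=22" restored.
SAMPLE = """\
udp 17 27 src=192.168.2.83 dst=202.54.15.30 sport=32835 dport=53 packets=2 bytes=148 [UNREPLIED] src=202.54.15.30 dst=192.168.2.83 sport=53 dport=32835 packets=0 bytes=0 use=1
tcp 6 431964 ESTABLISHED src=192.168.2.83 dst=192.168.1.125 sport=32794 dport=22 packets=1110 bytes=73521 src=192.168.1.125 dst=192.168.2.83 sport=22 dport=32794 packets=940 bytes=262374 [ASSURED] use=1
"""

def parse_entry(line):
    """Parse one ip_conntrack line into protocol, state, flags and both tuples."""
    tokens = line.split()
    entry = {"proto": tokens[0], "timeout": int(tokens[2]),
             "state": tokens[3] if "=" not in tokens[3] else None,  # TCP only
             "flags": set(re.findall(r"\[(\w+)\]", line)),
             "orig": {}, "reply": {}}
    direction = entry["orig"]
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key == "use":
            continue                      # reference count, not part of a tuple
        if key == "src" and "src" in entry["orig"]:
            direction = entry["reply"]    # the second src= starts the reply tuple
        direction[key] = int(value) if value.isdigit() else value
    return entry

def triage(text, client):
    """Return (unanswered flows from client, True if client has a port-80 flow)."""
    unanswered, saw_http = [], False
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        orig = entry["orig"]
        if orig.get("src") != client:
            continue
        if orig.get("dport") == 80:       # original tuple keeps the pre-REDIRECT port
            saw_http = True
        if "UNREPLIED" in entry["flags"] or entry["reply"].get("packets") == 0:
            unanswered.append((entry["proto"], orig["dst"], orig["dport"]))
    return unanswered, saw_http

if __name__ == "__main__":
    unanswered, saw_http = triage(SAMPLE, "192.168.2.83")
    for proto, dst, dport in unanswered:
        print(f"no reply seen: {proto} -> {dst}:{dport}")
    print("port-80 flow from client present:", saw_http)
```

On the two posted entries it reports the DNS query to 202.54.15.30 as unanswered and finds no port-80 flow from 192.168.2.83, so in that snapshot the client had not opened an HTTP connection for the REDIRECT rule to match.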