Old 05-20-2003, 09:46 AM   #1
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Rep: Reputation: 0
Redhat Squid gateway with dual NICs


I wanna set up a Squid gateway using Redhat 9 with 2 NICs.
The network setup is as follows:

Internet
|
|
Firewall (192.168.1.1)
|
|
|
Squid Proxy (192.168.1.2)
|
|
|
LAN (user)

On the Squid gateway I have 2 NICs; how do I set up these NICs to configure it as a Squid gateway for LAN users?

I want my users to pass through this gateway for internet, so I can avoid intrusion etc. for security reasons and also monitor net traffic. I want to give one NIC the IP 192.168.1.2 and the other 192.168.0.2.

Is this a good way to subnet, or is there a better alternative to this?
Please help me with this issue.

I would also want to have two Squid gateways for redundancy.

Thank you all.

Last edited by wrathyimp; 05-21-2003 at 12:33 AM.
 
Old 05-21-2003, 01:30 AM   #2
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
I have a similar setup but I have a public NIC and private NIC. I am using transparent proxy, redirecting all port 80 requests to 8080; Dansguardian picks up the request and forwards it to squid on port 3128, which then retrieves the requested URL. It works great and is not too complicated to set up. How are you connecting to the internet?
The redundancy sounds complicated. Maybe someone else has done this?
 
Old 05-21-2003, 01:51 AM   #3
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
thanx for your reply

Actually I am a bit confused on which eth? will have wat IP configuration... @ present I have the following setup of the 2 NICs

eth0
ip=192.168.1.2
netmask=255.255.255.0
network=192.168.1.0
brdcast=192.168.1.255
gateway=192.168.1.1

eth1
ip=192.168.0.2
netmask=255.255.255.0
network=192.168.0.0
brdcast=192.168.0.255

Now which one will be my external and which my internal?
I want this box to be after my firewall, so that all the traffic goes from this box through the firewall and then the web

Users -->-- squid box-->-- firewall-->-- internet

users = 192.168.1.xxx
squid box = 192.168.1.2
192.168.0.2
firewall = 192.168.1.1
xxx.xxx.xxx.xxx <real ip>

From the above configuration I can't ping the web as well as the local network; I even switched the IP configuration but still!
Seems there is some silly thing that I am missing.

cmgrif, can you describe ur network setup for ur squid box?

thanx in advance
 
Old 05-21-2003, 02:45 PM   #4
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
Is your gateway a router/firewall that you are using to NAT to your squid gateway? I use my squid gateway as the firewall using iptables. So my eth0 is set to a public ip address and eth1 is set to private 192.168.0.1. The LAN is all on the same private subnet.
Where are you trying to ping the server from? Can you ping the ip addresses from the console? What does ifconfig display?
 
Old 05-21-2003, 03:22 PM   #5
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
You might try setting eth0 to 192.168.1.2 and eth1 to 192.168.1.3. Make sure port forwarding is enabled.
 
Old 05-22-2003, 01:07 AM   #6
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
hi, thanx for your replies,

Actually I am a newbie in Linux, so I want to set this as a gateway/web caching server between the users and the web, but it is behind the NAT firewall. Wat do you think: is it better if I set it as firewall/gateway/web cache server or just gateway/web cache server?

For NICs, which should be external and internal?
eth0 = 192.168.0.2
eth1 = 192.168.1.2 (gateway 192.168.1.1)

From this setup I can ping the LAN and www too;
I can ping eth1 from my win box, but can't ping eth0.

Looks like I have to set up iptables to route both the NICs (eth0-eth1).

How do I config iptables, port forwarding etc.?

thanx again for your concern...
 
Old 05-22-2003, 09:28 AM   #7
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
This command will enable forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

This command will redirect all port 80 http traffic to 3128, which is the default listening port that squid uses:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

If you are not going to use transparent proxy and manually configure the proxy in the browser of each workstation, you can get by with one NIC on your squid server. This is a really easy setup. No iptables or forwarding is required. Just set the default route on the squid server to your gateway address.

Are you using DHCP or static ip? If DHCP, are you doing the DHCP from the squid server?
 
Old 05-24-2003, 01:01 AM   #8
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
hi,
I want to set this box as a transparent squid server for caching web and monitoring web traffic; for this I think there will be a requirement of two NICs.

So I do not need any iptables?

I am totally confused???

I got the following error using the port forwarding command; the error says:
" Can't use -i with POSTROUTING "

I can't ping eth0 ( .0.2 ) from my workstation, but I can ping the LAN as well as the net from the Linux box.

If you can tell me step-by-step how to configure my Linux squid server that will be gr8

thanx again

Last edited by wrathyimp; 05-24-2003 at 01:26 AM.
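
As an added example (not code from the thread or from any poster): a dry-run sketch of the forwarding and REDIRECT setup given in post #7, with a check that reproduces why iptables rejects `-i` outside the PREROUTING, INPUT and FORWARD chains, which is the error quoted in post #8. The interface `eth1`, the subnet `192.168.1.0/24`, the `-s` source restriction and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed values (override via environment): eth1 faces the LAN,
# the LAN is 192.168.1.0/24, Squid listens on 3128.
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"

# check_rule CHAIN ARGS... (hypothetical helper)
# The inbound interface (-i) is only known in PREROUTING, INPUT and FORWARD;
# the outbound one (-o) only in FORWARD, OUTPUT and POSTROUTING.
# Returns 1 and mimics the iptables error text on a mismatch.
check_rule() {
    chain="$1"; shift
    for arg in "$@"; do
        case "$arg" in
            -i|--in-interface)
                case "$chain" in
                    PREROUTING|INPUT|FORWARD) ;;
                    *) echo "Can't use -i with $chain" >&2; return 1 ;;
                esac ;;
            -o|--out-interface)
                case "$chain" in
                    POSTROUTING|OUTPUT|FORWARD) ;;
                    *) echo "Can't use -o with $chain" >&2; return 1 ;;
                esac ;;
        esac
    done
    return 0
}

# redirect_rule [CHAIN]: print the nat rule sending LAN port-80 traffic to Squid.
# -s limits interception to the LAN subnet (an addition, not in the thread).
redirect_rule() {
    chain="${1:-PREROUTING}"
    set -- -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
           -j REDIRECT --to-port "$SQUID_PORT"
    check_rule "$chain" "$@" || return 1
    echo "iptables -t nat -A $chain $*"
}

# apply: print the commands; execute them only when APPLY=1 (needs root).
apply() {
    rule=$(redirect_rule PREROUTING) || return 1
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "$rule"
    [ "${APPLY:-0}" = 1 ] || return 0
    echo 1 > /proc/sys/net/ipv4/ip_forward && $rule
}
apply
```

Run without `APPLY=1`, the script only prints the two commands it would execute, so the rule can be reviewed before it touches the nat table.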
 
Old 05-24-2003, 03:27 AM   #9
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
I am sorry about that command not working. It works on my Mandrake server. This page http://squid.visolve.com/white_papers/trans_caching.htm explains setting up transparent proxy for squid. I think it is what I followed to set mine up but has been updated.
Can you ping the .0.1 if you shut down the iptables service? If not, can you set that address to one on the same subnet as I suggested before...maybe 192.168.1.3. I don't know if that would make a difference but I would try it unless there is a reason you need it to be on the 0.1.
I am sorry if I am confusing you but I guess I am a little confused myself about your setup. What does ifconfig display? Also what does iptables -L display?
 
Old 05-24-2003, 08:30 AM   #10
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
the result of iptables -L is:

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT --anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT --anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- ns2.qualitynet.net anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- ns1.qualitynet.net anywhere udp spt:domain dpts:1025:65535
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable


and ifconfig shows:

eth0 Link encap:Ethernet HWaddr 00:60:08:4D11:62
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 freame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:714 (714.0 b)
Interrupt:12 Base adderess:0x220

eth1 Link encap:Ethernet HWaddr 00:60:08:4CD:62
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1486 errors:0 dropped:0 overruns:0 freame:0
TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1871855 (1.7 Mb) TX bytes:15515 (15.1 Kb)
Interrupt:7 Base adderess:0x230

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 freame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (1008.0 b) TX bytes:1008 (1008.0 b)

As per the link u gave for setting up a squid server, how do I enable config_packet, config_netfilter etc.?

Man, you really helped me in Linux, and it seems that I am getting used to it.

thanx for all ur support.
 
Old 05-24-2003, 11:40 PM   #11
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
To verify config_packet and config_netfilter are enabled in the kernel, at the console type: cd /usr/src/linux (enter), then make xconfig (if you have xwindows loaded) or make menuconfig (if you do not have xwindows loaded). Browse through until you find the networking options. Inside the networking options section go to netfilter configuration. Inside this section I would make sure all the items have an m for modules selected. If they are not selected, let me know and I will point you in the right direction for re-compiling your kernel. If you cannot get to the kernel configuration, you will need to install the source code from the installation CDs.
Can you ping eth0 yet? It appears from ifconfig that there have been no packets received (RX) and only 714 bytes transmitted (TX). Can you ping the firewall from the squid server?
 
Old 06-09-2003, 10:25 AM   #12
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Hi, sorry for replying so late, I was out of town for this period!

I think u have lost the track, plz refer to the msgs posted above to know the stage of our issues.
I have tried "make menuconfig" but it gave me an error as follows:
"make: *** No rule to make target `menuconfig'. Stop."
I have no xwindows loaded. It seems that I have to compile the kernel for IP masquerading to set up the IP MASQs
and I have no IDEA how to compile kernels (looks a big step 4 a newbie).
I went through some howto for compiling IP Masq but they mention "Configure_Experimental" which I can't locate on the Linux box; if u can guide me in compiling the kernel for IP MASQ etc, will be gr8.

thanx again.
thanx in advance to read this post.
 
Old 06-10-2003, 04:01 AM   #13
wrathyimp
LQ Newbie
 
Registered: May 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Hi, back again.
Now I can ping the eth1 from my workstation.
I have set eth1 as my gateway IP on my workstation.
I can also ping yahoo from my workstation
but can't browse the pages (http); seems that I have to route the port 80 and port 21 on this squid gateway.

thanx again, still....
 
Old 06-12-2003, 11:54 PM   #14
cmgrif
LQ Newbie
 
Registered: Dec 2001
Distribution: Mandrake 8.0
Posts: 14

Rep: Reputation: 0
Sorry it took so long to get back with you. I went here http://www.justlinux.com/nhf/Compiling_Kernels the first time I tried to compile my kernel and found it very helpful. Make sure you have a good startup disk in case you run into trouble.
Do you have ACLs set up correctly in the squid.conf file? Do you have the proxy settings configured in the browser to the eth1 address port 3128? Back to the kernel config...I believe by default, what you need enabled to make this work is already enabled. If you did not install the source code, the command I posted to check it will not work. make menuconfig is the console (non-GUI) version. If you are in xwindows, you could use make xconfig.
 
  


All times are GMT -5. The time now is 01:29 PM.
