transparent proxy with squid problem
Hi there!
I want to build a transparent proxy with squid under SuSE Linux 9.0. The system first: 2 NICs

eth0: for internal network traffic (ip-addr: 192.168.1.1, subnetmask: 255.255.255.0)
eth1: for external traffic, complete configuration over DHCP from ISP

---------

All machines should get their IP configuration from my server, so I set up a DHCPD server. This works fine. Here is the config file (dhcpd.conf):

...
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option domain-name-servers 192.168.1.1;
####
# I am not sure if I should use the ISP's DNS here???????
####
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.30;
}

So far so good. All clients get an IP address and a standard gateway, so they try to communicate over my Linux box.

Then I set up squid. I first tried with the standard config. The result: when I configure the clients' browsers to access the internet over a proxy server (192.168.1.1 port 3128) everything works great. But I want to have a transparent proxy, so the clients don't have to change their configuration. So I changed in squid.conf (as the SuSE handbook says):

------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-------

Then I set up the kernel to do IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

and gave it an iptables rule

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And now the problems start: when I type an IP address in a client's browser I get a squid error page (The requested URL could not be retrieved). When I type a URL, it cannot be resolved. So I think I have some problems with the DNS (as mentioned in the dhcp config already). I think I should add an iptables rule for the DNS servers too, but I don't know how.

Any ideas?
You should not have to make an iptables rule for DNS. No forwarding of DNS queries occurs in this setup.
My setup at home uses the DNAT target for the transparent proxy thing.
Thanks for your help, I didn't get what you meant :-(
But I got another solution. I set up a caching DNS (with BIND) and just added my ISP's DNS IPs in the forward section of named.conf. Now I'm getting closer to what I want. Transparent proxy for HTTP works now; everybody can surf without knowing about the Linux server. (Because I just want to log those M$ boxes.)
philipp
I want the same setup as you, a transparent proxy. My problem is when I try to browse, "The requested URL could not be retrieved" appears. I followed your solution by adding my ISP's DNS IP, but I'm confused where the forwarding section in named.conf is.
Can you please give me a hint to fix my transparent proxy and make it work, just like what you did in your proxy? Thanks
Do not change any named config files. Just start it. It will work as a caching name server. Linux and your clients can use it as a DNS server.
In named.conf I have the line

forwarders { 195.58.160.2; 195.58.161.3; };

which are the DNS servers of my ISP (as a line in the options section). Then just start BIND and give the IP address of the caching proxy (and DNS) server as DNS server to your workstations.
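As an added example (not code from any poster in this thread), a small Python checker for the two things the thread turns on: the four httpd_accel directives in squid.conf from the first post (including a '-' typed where '_' belongs) and a dhcpd.conf that hands clients the gateway as their DNS server, which only works once the caching BIND from the last post is running there. The directive names and values come from the thread; the checker and its messages are my own assumptions, not Squid's or dhcpd's own syntax check.

```python
import re

# Constructed checker for the Squid 2.x "httpd_accel" transparent-proxy setup
# and the dhcpd.conf options discussed in this thread; not the posters' files.
REQUIRED_ACCEL = {
    "httpd_accel_host": "virtual",
    "httpd_accel_port": "80",
    "httpd_accel_with_proxy": "on",
    "httpd_accel_uses_host_header": "on",
}

def parse_directives(text):
    """Map 'key value' lines of a squid.conf to {key: value}; skip comments/blanks."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        result[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return result

def check_squid(squid_conf):
    """Return problems with the four directives that enable transparent mode."""
    problems = []
    found = parse_directives(squid_conf)
    for key, want in REQUIRED_ACCEL.items():
        if key in found:
            if found[key] != want:
                problems.append(f"{key} is '{found[key]}', expected '{want}'")
            continue
        # Common slip seen in the thread: '-' where '_' belongs (httpd_accel-host)
        typos = [k for k in found if k.replace("-", "_") == key]
        if typos:
            problems.append(f"'{typos[0]}' is misspelled; directive is '{key}'")
        else:
            problems.append(f"missing directive '{key} {want}'")
    return problems

def check_dhcp_dns(dhcpd_conf):
    """Flag the thread's root cause: clients get the gateway as their DNS server,
    which only works once a resolver (BIND forwarding to the ISP) runs there."""
    opts = dict(re.findall(r"option\s+([\w-]+)\s+([^;]+);", dhcpd_conf))
    routers = opts.get("routers", "").strip()
    dns = opts.get("domain-name-servers", "").strip()
    if not dns:
        return ["no domain-name-servers option: clients cannot resolve names"]
    if dns == routers:
        return [f"domain-name-servers {dns} is the gateway; a resolver must run there"]
    return []
```

Run check_squid on your squid.conf and check_dhcp_dns on your dhcpd.conf; an empty list from both means the transparent-mode directives are in place and the DNS server handed to clients is either external or a host where you have confirmed a resolver is listening.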