Old 03-29-2004, 10:35 AM   #1
philipph
LQ Newbie
 
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Rep: Reputation: 0
transparent proxy with squid problem


Hi there!

I want to build a transparent proxy with squid under SuSE Linux 9.0.
The System first:
2 NIC
eth0: for internal network traffic (ip-addr: 192.168.1.1, subnetmask: 255.255.255.0)
eth1: for external traffic, complete configuration over DHCP from ISP
---------
All machines should get their ip-configuration from my server, so I set up a DHCPD server. This works fine. Here is the config file (dhcpd.conf)

...
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option domain-name-servers 192.168.1.1;
####
# I am not sure if I should use the ISP's DNS here???????
####
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.30;
}

So far so good. All clients get an ip-address and a standard gateway, so they try to communicate over my linux box.

Then I set up squid. I first tried with the standard config. The result:
When I configure the clients' browsers to access the internet over a proxy server (192.168.1.1 port 3128) everything works great.
But I want to have a transparent proxy, so the clients don't have to change their configuration.
So I changed in squid.conf (as the SuSE Handbook says)
------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-------

Then I set up the kernel to do ip-forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
and gave it an iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And now the problems start:
When I type an ip-address in a client's browser I get a squid error page (The requested URL could not be retrieved)
When I type a url, it cannot be resolved

So I think I have some problems with the dns (as mentioned in the dhcp config already)

I think I should add an iptables rule for the dns-servers too, but I don't know how

Any ideas?
 
Old 03-29-2004, 04:29 PM   #2
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
You should not have to make an iptables rule for DNS. No forwarding of DNS queries occurs in this setup.

My setup at home uses the DNAT target for the transparent proxy thing.
 
Old 03-30-2004, 07:30 AM   #3
philipph
LQ Newbie
 
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for your help, I didn't get what you meant :-(

but I got another solution.

I set up a caching dns (with bind)
just added my ISP's dns ips in the forward section of named.conf

Now I'm getting closer to what I want. Transparent proxy for http works now, everybody can surf without knowing about the linux server. (because I just want to log those M$ boxes)

philipp
 
Old 04-19-2004, 02:51 AM   #4
linuxboy_inside
Member
 
Registered: Oct 2003
Location: Philippines
Distribution: slackware
Posts: 37

Rep: Reputation: 15
I want the same setup as you, a transparent proxy. My problem is that when I try to browse, "The requested URL could not be retrieved" appears. I followed your solution by adding my ISP's dns ip, but I'm confused about where the forwarding section is in named.conf.

Can you please give me a hint to fix my transparent proxy and get it working like you did with yours?

thanks
 
Old 04-19-2004, 03:06 AM   #5
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Do not change any named config files. Just start it. It will work as a caching name server. Linux and your clients can use it as a DNS server.
 
Old 04-19-2004, 09:03 AM   #6
philipph
LQ Newbie
 
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Original Poster
Rep: Reputation: 0
In named.conf I have the line

forwarders { 195.58.160.2;195.58.161.3;};

which are the DNS servers of my ISP.

(as a line in the options section)

Then just start bind and give the ip-address of the caching proxy (and dns) server
as dns server to your workstations.
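
For the question in post #4 about where the forwarders line goes, here is a named.conf fragment as an added example (it is not philipph's actual file). The addresses are the ones given in this thread; the acl name "lan" and the listen-on, allow-query and allow-recursion lines are additions that keep the caching resolver answering only on the internal side, since eth1 faces the ISP.

```conf
// named.conf fragment (added example, BIND 9 syntax).
// "lan" is a name chosen for this example.
acl lan {
    127.0.0.1;          // the proxy box itself; squid resolves through it too
    192.168.1.0/24;     // clients behind eth0
};

options {
    // Keep the "directory" line and anything else your distribution ships here.

    // Upstream resolvers: the ISP DNS servers quoted in post #6.
    forwarders { 195.58.160.2; 195.58.161.3; };
    forward first;      // try the forwarders, fall back to normal recursion

    // Bind only to loopback and the internal address, not to eth1.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Answer and recurse only for the internal network.
    allow-query     { lan; };
    allow-recursion { lan; };
};
```

With this in place, `option domain-name-servers 192.168.1.1;` in dhcpd.conf is the right value for the clients, because the ISP's servers are reached through the forwarders.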
 
  

