LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-21-2012, 02:52 AM   #1
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Rep: Reputation: Disabled
Problem in transparent proxy with squid 3.1


Assalam o Alaikum!

I am facing problem in transparent proxy with squid 3.1:

PC1: eth0: connected directly to internet having ip 192.168.1.111
eth1: connected to internal network having ip 192.168.2.111

PC2 eth1: 192.168.2.18

PC 1: having squid. I added there following iptables rules:

iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3128
iptables -I INPUT 4 -p tcp –dport 3128 -m state –state NEW,ESTABLISHED -j ACCEPT
service iptables save
echo 1 > /proc/sys/net/ipv4/ip_forward

PC2:
Browser --->> www.google.com
Proxy server is refusing connections.


I have attached squid.conf in txt format please guide me. thanks
Attached Files
File Type: txt squid.txt (2.8 KB, 17 views)

Last edited by uk.engr; 06-21-2012 at 02:55 AM.
 
Old 06-21-2012, 03:34 AM   #2
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Hi,

Your internal network is 192.168.2.0/24.

The '/24' means that the subnet is the first 24 bit's. each number is an unsigned char (0-255) so 8 bit's each so the first 3 numbers define the network (3*8=24).

Try changing this line:
Code:
acl localnet src 192.168.0.0/24	# RFC1918 possible internal network
to:
Code:
acl localnet src 192.168.2.0/24	# RFC1918 possible internal network

Last edited by Nermal; 06-21-2012 at 03:38 AM.
 
1 members found this post helpful.
Old 06-21-2012, 03:50 AM   #3
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Ok. I have done this but still same problem
 
Old 06-21-2012, 03:53 AM   #4
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Did you restart squid?
 
Old 06-21-2012, 03:56 AM   #5
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Yes dear
 
Old 06-21-2012, 04:01 AM   #6
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Turn debugging on and it will tell you which acl is rejecting it: http://wiki.squid-cache.org/SquidFaq...ork.21__why.3F
 
Old 06-21-2012, 04:59 AM   #7
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Ok i have written this line in squid.conf debug_options ALL,1 33,2 28,9,

then tail -f /var/log/squid/cache.log > cache.log.txt

service squid restart

I have attached cache,log.txt here. kindly review this. thanks
Attached Files
File Type: txt cache.log.txt (21.4 KB, 13 views)
 
Old 06-21-2012, 05:44 PM   #8
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Ooo interesting.....

It looks like the NAT is eating the source address. the log is only talking about:
Code:
2012/06/21 04:32:10.846| aclIpMatchIp: '192.168.1.111:43471' NOT found
So going from memory, to fix this you need to use a dnat.
change your nat to this:
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j DNAT --to-destination 192.168.1.111:3128
 
Old 06-22-2012, 07:16 AM   #9
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Thanks, but no success. I tried your said iptable rule. One addition thing I added in squid.conf: http_port 3128 transparent

I added "transparent". So

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.111:3128

tail -f /var/log/squid/cache.log > cache.log.txt2

service squid restart

I am unable to attach log so copying here only useful portion of log. I found this line in log:Accepting intercepted HTTP connections at 0.0.0.0:3128,

I think problem is related above line, how to avoid this?

Cache.log:

2012/06/22 07:05:22| Starting Squid Cache version 3.1.16 for i386-redhat-linux-gnu...
2012/06/22 07:05:22| Process ID 2623
2012/06/22 07:05:22| With 1024 file descriptors available
2012/06/22 07:05:22| Initializing IP Cache...
2012/06/22 07:05:22| DNS Socket created at [::], FD 7
2012/06/22 07:05:22| DNS Socket created at 0.0.0.0, FD 8
2012/06/22 07:05:22| Adding domain exp1.com from /etc/resolv.conf
2012/06/22 07:05:22| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2012/06/22 07:05:22| User-Agent logging is disabled.
2012/06/22 07:05:22| Referer logging is disabled.
2012/06/22 07:05:22| Unlinkd pipe opened on FD 13
2012/06/22 07:05:22| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2012/06/22 07:05:22| Store logging disabled
2012/06/22 07:05:22| Swap maxSize 512000 + 1024000 KB, estimated 118153 objects
2012/06/22 07:05:22| Target number of buckets: 5907
2012/06/22 07:05:22| Using 8192 Store buckets
2012/06/22 07:05:22| Max Mem size: 1024000 KB
2012/06/22 07:05:22| Max Swap size: 512000 KB
2012/06/22 07:05:22| Version 1 of swap file with LFS support detected...
2012/06/22 07:05:22| Rebuilding storage in /var/spool/squid (CLEAN)
2012/06/22 07:05:22| Using Least Load store dir selection
2012/06/22 07:05:22| Set Current Directory to /var/spool/squid
2012/06/22 07:05:22| Loaded Icons.
2012/06/22 07:05:22| Accepting intercepted HTTP connections at 0.0.0.0:3128, FD 16.
2012/06/22 07:05:22| HTCP Disabled.
2012/06/22 07:05:22| Squid plugin modules loaded: 0
2012/06/22 07:05:22| Adaptation support is off.
2012/06/22 07:05:22| Ready to serve requests.
2012/06/22 07:05:22| Done reading /var/spool/squid swaplog (1938 entries)
2012/06/22 07:05:22| Finished rebuilding storage from disk.
2012/06/22 07:05:22| 1938 Entries scanned

Last edited by uk.engr; 06-22-2012 at 07:31 AM.
 
Old 06-23-2012, 01:23 AM   #10
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Dear it works now thanks a lot for helping me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid: transparent proxy + ssl_bump causing problem in accessing https pages auny87 Linux - Server 0 04-11-2012 08:08 AM
Problem with rules in transparent squid proxy server hainguyenle89 Linux - Newbie 5 11-23-2011 02:54 AM
transparent proxy squid: problem with the HTTPS pnguwe Linux - Networking 7 11-22-2011 09:00 AM
SQUID Transparent proxy problem. sparc86 *BSD 1 04-10-2008 04:29 PM
transparent proxy with squid problem philipph Linux - Networking 5 04-19-2004 10:03 AM


All times are GMT -5. The time now is 02:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration