LinuxQuestions.org
Old 07-21-2011, 10:22 AM   #1
Nicolas1390
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Rep: Reputation: 10
problem with 'Squid transparent'


Hi dear friends

I am a newbie, so forgive me for writing this question.

I've installed CentOS 5.5 and I have two network cards:

eth0 : 192.168.0.1 (Internal network ; 192.168.0.0/24)
eth1 : 192.168.1.2 (Directly connected to the ADSL modem router. PPPoE is set on this modem)

default gateway : 192.168.1.1 (This is my ADSL Modem Router IP)

DNS Server : 4.2.2.2

On this system, pptpd is also installed.
Users connect to the Internet through the VPN without problems. After connecting, the client IP address range is 192.168.110.0/24.

squid config :
Code:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.110.0/255.255.255.0
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow  localnet
http_access deny all
icp_access allow all
icp_access  allow  localnet
http_port 192.168.110.1:3128 transparent
hierarchy_stoplist cgi-bin ?
cache_dir ufs /usr/local/squid/var/cache/ 10000 32 512
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
visible_hostname test

iptables:
Code:
# Generated by iptables-save v1.3.5 on Thu Jul 21 18:43:50 2011
*filter
:INPUT ACCEPT [7472:1383754]
:FORWARD ACCEPT [195:45266]
:OUTPUT ACCEPT [7523:1836791]
-A INPUT -i eth1 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth1 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o ppp+ -j ACCEPT
COMMIT
# Completed on Thu Jul 21 18:43:50 2011
# Generated by iptables-save v1.3.5 on Thu Jul 21 18:43:50 2011
*nat
:PREROUTING ACCEPT [496:30711]
:POSTROUTING ACCEPT [112:11080]
:OUTPUT ACCEPT [113:11176]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.110.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Jul 21 18:43:50 2011
# Generated by iptables-save v1.3.5 on Thu Jul 21 18:43:50 2011
*mangle
:PREROUTING ACCEPT [13861:3499324]
:INPUT ACCEPT [7472:1383754]
:FORWARD ACCEPT [6389:2115570]
:OUTPUT ACCEPT [7523:1836791]
:POSTROUTING ACCEPT [13961:3957368]
COMMIT
# Completed on Thu Jul 21 18:43:50 2011

After connecting to the VPN, users access the Internet without any problems, but Internet traffic does not pass through Squid!
When a proxy is set in the web browser, Internet traffic passes through Squid!!
Why does it not work without using a proxy in the web browser?

Thank you very much dear friends
 
Old 07-23-2011, 12:32 AM   #2
Nicolas1390
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: 10
Little changes

I made a series of changes, and Squid transparent is working.
The first change you can see in the following line:
Code:
-A PREROUTING -i ppp+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

and Squid has a lot of changes and adjustments.

squid.conf :

Code:
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
cache_dir aufs /var/spool/squid 8192 32 512
log_fqdn off
debug_options ALL,1
refresh_pattern ^ftp: 2880 25% 10080
refresh_pattern ^gopher: 2880 0% 2880
refresh_pattern -i \.(htmx|xhtml|sxml|shtml|java|aspx|perl)$ 5760 60% 10080 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(do|asp|css|php|xml|ocx|html|chtml|phtml)$ 5760 60% 10080 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(jpg|jpe|aac|jpeg|gif|png|bmp|pic)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(mpg|mpeg|mov|avi|midi|wmv|asx|thm)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(mid|wav|mp[234]|rm|ra|ram|wma|au)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(css|js|jar|class|pdf|doc|swf|txt)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(exe|tgz|tbz|tar|gz|bz2|zip|rar|cab)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(xbm|thb|dcr|art|spl|viv|z|vrm|vrml)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(jpg|jpe|aac|jpeg|gif|png|bmp|pic)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(aif|aifc|aiff|arj|c|cpt|dir|dxr|hqx)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(lha|lzh|movie|mpe|mpga|pl|ppt|ps|qt)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(qtm|ras|sea|sit|tif|tiff|js|jsp|fla)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern http://*.windowsupdate.microsoft.com/ 300 60% 20160
refresh_pattern http://download.macromedia.com/ 300 60% 20160
refresh_pattern http://download.microsoft.com/ 300 60% 20160
refresh_pattern http://wxpsp2.microsoft.com/ 300 60% 20160
refresh_pattern http://w2ksp4.microsoft.com/ 300 60% 20160
refresh_pattern http://xpsp1.microsoft.com/ 300 60% 20160
refresh_pattern ftp://ftp.nai.com/ 300 60% 20160
refresh_pattern . 300 50% 4320
negative_ttl 5 minutes
positive_dns_ttl 24 hours
negative_dns_ttl 1 minute
cache_mgr test@test.com
cache_mem 128 MB
maximum_object_size 20 MB
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
logfile_rotate 10
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
half_closed_clients off
pid_filename /var/run/squid.pid
error_directory /etc/squid/errors
cache_log /dev/null
cache_store_log /dev/null
acl manager proto cache_object
access_log /var/log/squid/access.log squid
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.110.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow lan
http_access deny all
icp_access allow lan
http_reply_access allow lan
visible_hostname test
logfile_rotate 2
strip_query_terms off
cache_effective_user squid

iptables config:
Code:
# Generated by iptables-save v1.3.5 on Sat Jul 23 08:42:40 2011
*mangle
:PREROUTING ACCEPT [55857:20031710]
:INPUT ACCEPT [44170:13287618]
:FORWARD ACCEPT [11687:6744092]
:OUTPUT ACCEPT [53309:27846564]
:POSTROUTING ACCEPT [65048:34595834]
COMMIT
# Completed on Sat Jul 23 08:42:40 2011
# Generated by iptables-save v1.3.5 on Sat Jul 23 08:42:40 2011
*nat
:PREROUTING ACCEPT [1289:74139]
:POSTROUTING ACCEPT [786:51077]
:OUTPUT ACCEPT [786:51077]
-A PREROUTING -i ppp+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.110.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Jul 23 08:42:40 2011
# Generated by iptables-save v1.3.5 on Sat Jul 23 08:42:40 2011
*filter
:INPUT ACCEPT [44173:13287790]
:FORWARD ACCEPT [7:833]
:OUTPUT ACCEPT [53313:27847464]
-A INPUT -i eth1 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth1 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o ppp+ -j ACCEPT
COMMIT
# Completed on Sat Jul 23 08:42:40 2011

Currently, Internet traffic passes through Squid without using a proxy in the web browser.
But I think the Squid configuration has not been done properly, because some sites do not open, such as the following:
mail.yahoo.com

If you see problems in the iptables settings and Squid, please tell me how to correct them.


I want to apologize for my banal question.

Thanks a lot :-)

Last edited by Nicolas1390; 07-23-2011 at 12:34 AM.
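
Added example, not part of the original posts: a small Python check that reads the nat table of an `iptables-save` dump and reports whether traffic arriving on a given interface is redirected to Squid's port. It shows why the `-i eth0` rule from post #1 missed the PPTP clients while `-i ppp+` catches them, and that port 443 is not intercepted by either rule set; the interface name `ppp0` for a VPN client and all function names are assumptions.

```python
import shlex

# nat table copied from the iptables-save dump in post #2
AFTER = """*nat
:PREROUTING ACCEPT [1289:74139]
:POSTROUTING ACCEPT [786:51077]
:OUTPUT ACCEPT [786:51077]
-A PREROUTING -i ppp+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.110.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
"""
# Same table with the -i value that post #1 used
BEFORE = AFTER.replace("-i ppp+", "-i eth0")

def iface_matches(pattern, iface):
    # iptables treats a trailing '+' as a prefix wildcard: ppp+ matches ppp0, ppp1, ...
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def nat_prerouting_rules(dump):
    """Parse the -A PREROUTING rules of the *nat table into option dicts."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A PREROUTING "):
            tok = shlex.split(line)[2:]
            # Every option in these PREROUTING rules takes one value (no '!' negation)
            rules.append(dict(zip(tok[0::2], tok[1::2])))
    return rules

def redirect_port(dump, iface, dport, proto="tcp"):
    """Local port a packet arriving on iface is redirected to, or None if it
    bypasses the proxy. Only REDIRECT rules with a single --dport are modelled."""
    for r in nat_prerouting_rules(dump):
        if r.get("-j") != "REDIRECT":
            continue
        if "-i" in r and not iface_matches(r["-i"], iface):
            continue
        if r.get("-p", proto) != proto or r.get("--dport", str(dport)) != str(dport):
            continue
        return int(r.get("--to-ports", dport))
    return None

if __name__ == "__main__":
    # ppp0 is an assumed name for a PPTP client's interface; eth0 is the LAN card
    for name, dump in (("before", BEFORE), ("after", AFTER)):
        for iface, port in (("eth0", 80), ("ppp0", 80), ("ppp0", 443)):
            print(name, iface, port, "->", redirect_port(dump, iface, port))
```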
 
Old 07-23-2011, 01:01 AM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Wow, thanks a lot for coming back with this detailed explanation
how you got it going. I'm sure it will prove helpful to others
in future searches.


Cheers,
Tink
 
1 members found this post helpful.
Old 07-23-2011, 02:53 AM   #4
Nicolas1390
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: 10

Thanks a lot

By the way:

Quote:
Originally Posted by Nicolas1390
But I think the Squid configuration has not been done properly, because some sites do not open, such as the following:
mail.yahoo.com
:-)
 
Old 07-25-2011, 05:22 AM   #5
Nicolas1390
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: 10
If I use the proxy in the browser, mail.yahoo.com opens.
I cannot open mail.yahoo.com because Squid transparent is running!

But what's the solution?

Thanks :-)
 
Old 07-25-2011, 05:42 AM   #6
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,272

Rep: Reputation: 148
Have a look at this post
http://www.linuxquestions.org/questi...-proxy-701710/
 
1 members found this post helpful.
Old 08-18-2011, 02:27 PM   #7
tejaaus
LQ Newbie
 
Registered: Aug 2011
Posts: 4

Rep: Reputation: Disabled
Cisco proxy redirect

Nicolas,

The guide below might help you.

I have forwarded my network HTTP traffic to my transparent Squid proxy. The guide below will help all users.

Last edited by Tinkster; 08-19-2011 at 02:58 PM. Reason: link spam removed
 
Old 08-19-2011, 02:58 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by tejaaus
Nicolas,

The guide below might help you.

I have forwarded my network HTTP traffic to my transparent Squid proxy. The guide below will help all users.

Please don't abuse LQ for self promotion.
 
  


All times are GMT -5.
