LinuxQuestions.org
Old 10-12-2008, 11:29 PM   #1
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Rep: Reputation: 18
Problems with Squid on a DMZ


Hello.

I installed Squid Cache: Version 2.7.STABLE3 on Lenny, which is on a box in a DMZ. This is the network:


internet -------------- FIREWALL / iptables ----------- LAN
|
|
DMZ

I would like all http traffic from the LAN cached on the box in the DMZ. I set the Squid server as:

# Port Squid listens on
http_port 192.168.3.100:3128 transparent

# Access-lists (ACLs) will permit or deny hosts to access the proxy
acl lan-access src 192.168.2.0/255.255.255.0
acl lan-access src 192.168.3.0/255.255.255.0
acl localhost src 127.0.0.1
acl all src 0.0.0.0/0.0.0.0


# Access rule
http_access allow localhost
http_access allow lan-access
http_access deny all

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

cache_dir ufs /var/log/squid/cache 5000 16 256


I have this set in the firewall:

iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp \
--dport 80 -j DNAT --to-destination $SQUID_SERVER:3128


But I can't get the traffic forwarded to the DMZ.

Is the Squid configuration correct?
Do I need to add another chain to the firewall?
 
Old 10-12-2008, 11:35 PM   #2
landysaccount
The DMZ goes underneath the firewall.
 
Old 10-13-2008, 08:31 AM   #3
landysaccount
Problem solved. I forgot to add the forward chain. Here's the solution:

echo "%%% Transparent Proxy %%%"
iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp \
--dport 80 -j DNAT --to-destination $HTTP_SERVER:3128

iptables -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -p tcp \
-s $LAN_ADDRESSES --sport $UNPRIVPORTS -d $HTTP_SERVER --dport 3128 \
-m state --state NEW -j ACCEPT
echo "... Done Transparent Proxy ..."
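
A check for the failure described in this thread (a DNAT rule whose rewritten traffic no FORWARD rule admits), as an added example that is not part of the original posts. It reads `iptables-save` output; the function names, the interface names eth1/eth2 and the sample rule sets are constructed, and only FORWARD rules that name the exact host and port are matched.

```shell
#!/bin/sh
# Added example, not from the thread: list DNAT targets ("ip:port") that no
# FORWARD ACCEPT rule names. Input is iptables-save output on stdin.
# Narrow on purpose: subnet -d matches, port ranges and user chains are ignored.
unforwarded_dnat() {
    awk '
    /^\*/ { table = substr($0, 2) }                 # "*nat" / "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && /-j DNAT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-destination") dnat[$(i + 1)] = 1
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
        dst = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
            if ($i == "--dport") port = $(i + 1)
        }
        if (dst != "" && port != "") allowed[dst ":" port] = 1
    }
    # With a default-ACCEPT FORWARD policy the missing rule does not block anything.
    END { if (policy != "ACCEPT") for (t in dnat) if (!(t in allowed)) print t }
    '
}

# Constructed sample rule set; $1 is an optional extra filter rule.
sample() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.3.100:3128
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
COMMIT
EOF
}

# The FORWARD rule from post #3, as iptables-save would print it (constructed).
FIX='-A FORWARD -s 192.168.2.0/24 -d 192.168.3.100/32 -i eth1 -o eth2 -p tcp -m tcp --sport 1024:65535 --dport 3128 -m state --state NEW -j ACCEPT'

echo "before fix: $(sample | unforwarded_dnat)"
echo "after fix:  $(sample "$FIX" | unforwarded_dnat)"
```

On a live firewall the same function can be fed with `iptables-save | unforwarded_dnat`.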
 
  

