LinuxQuestions.org
Old 11-02-2011, 04:37 AM   #1
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Rep: Reputation: Disabled
squid: Don't want to set Browser's setting


I have configured the squid proxy now, but I don't want to set the browser's proxy settings, as there are 150 clients on Windows XP.

And what are the prerequisites?

Please help.

Thank you
 
Old 11-02-2011, 05:28 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 190
You will need to configure some port forwards on the router, to transparently redirect traffic on port 80 destined for the internet, to the squid server port 3128.
 
Old 11-02-2011, 08:08 AM   #3
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,194
Blog Entries: 4

Rep: Reputation: 221
Quote:
Originally Posted by anandnenwani
I have configured the squid proxy now, but I don't want to set the browser's proxy settings, as there are 150 clients on Windows XP.

And what are the prerequisites?

Please help.

Thank you

Do you check replies after asking questions?

http://www.linuxquestions.org/questi...orking-909475/

Check your last post.
 
Old 11-02-2011, 08:17 AM   #4
anandnenwani
I did the same, but it is accessible after changing the browser's settings. And I made the changes that you told me, but blocked sites are still accessible.

I'm not getting it properly if everything is OK.

My eth0 has 192.168.0.59
and eth1 has 10.230.1.1

And there is also my other FTP server at 192.168.0.60, and after these I am not able to access FTP from clients.


Please help me with how to do this.

Last edited by anandnenwani; 11-02-2011 at 08:24 AM.
 
Old 11-02-2011, 08:26 AM   #5
deep27ak
Quote:
Originally Posted by anandnenwani
I did the same, but it is accessible after changing the browser's settings. And I made the changes that you told me, but blocked sites are still accessible.

I'm not getting it properly if everything is OK.

My eth0 has 192.168.0.59
and eth1 has 10.230.1.1

Please help me with how to do this.

Code:
#cat /etc/squid/squid.conf
Post the output.

Code:
#iptables -L
Post the output.
 
Old 11-03-2011, 02:17 AM   #6
anandnenwani
acl of /etc/squid/squid.conf
Quote:
acl all src 0.0.0.0/0.0.0.0
acl my_network src 192.168.0.59 10.230.1.1
acl to_my_network src 10.230.1.0
acl mp myport 3128
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl blocksites url_regex "/etc/squid/block-url.acl"


# TAG: http_access
http_access deny all
http_access allow !SSL_ports
http_access deny blocksites
http_access allow manager localhost to_localhost

http_access allow !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow all
http_access allow mp
iptables -L output

Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:squid
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
And there is my FTP and HTTP at 192.168.0.60; I want to access FTP from this.
This is my output. Please reply. Thank you.
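
Squid evaluates http_access lines from top to bottom and stops at the first line whose ACLs all match, so the order of the lines posted above decides whether blocksites is ever consulted. The following is an added example, not part of the original post: a simplified Python model of that evaluation. The block-list pattern, the lan ACL, the FIXED ordering and the sample request are constructed assumptions.

```python
import re
# http_access lines exactly as posted in the thread, in the posted order.
POSTED = """\
http_access deny all
http_access allow !SSL_ports
http_access deny blocksites
http_access allow manager localhost to_localhost
http_access allow !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost
http_access allow all
http_access allow mp
"""
# Assumed reordering: denies first, then the client LAN, then a final deny.
FIXED = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocksites
http_access allow lan
http_access deny all
"""
# Constructed stand-in for /etc/squid/block-url.acl (contents are not in the thread).
BLOCK_PATTERNS = [r"blocked\.example"]
SAFE_PORTS = {21, 70, 80, 210, 280, 443, 488, 591, 777}
# Simplified ACL predicates; localhost, to_localhost and lan are assumptions.
ACLS = {
    "all": lambda r: True,
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "blocksites": lambda r: any(re.search(p, r["url"]) for p in BLOCK_PATTERNS),
    "manager": lambda r: r["url"].startswith("cache_object://"),
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "to_localhost": lambda r: r["dst"] == "127.0.0.1",
    "mp": lambda r: r["myport"] == 3128,
    "lan": lambda r: r["src"].startswith("10.230.1."),
}

def decide(rules_text, req):
    """First matching line wins; every ACL on a line must match ('!' negates)."""
    last = None
    for line in rules_text.splitlines():
        _, last, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return last, line
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if last == "allow" else "allow"), None
# Constructed request from a LAN client for a URL on the block list.
REQ = {"port": 80, "method": "GET", "url": "http://blocked.example/",
       "src": "10.230.1.20", "dst": "203.0.113.5", "myport": 3128}
```

With the posted order, decide(POSTED, REQ) stops at "http_access deny all"; with that first line removed, "http_access allow !SSL_ports" admits the port-80 request before "deny blocksites" is reached, while decide(FIXED, REQ) denies it on the blocksites line.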
 
Old 11-13-2011, 01:38 PM   #7
anandnenwani
iptable is not forwarding port

I posted the output of iptables as well. My iptables is still not forwarding the port, and what do I have to set for the FTP server 192.168.x.x?

Please reply to me soon!
 
Old 11-13-2011, 11:50 PM   #8
deep27ak
Quote:
Originally Posted by anandnenwani
I posted the output of iptables as well. My iptables is still not forwarding the port, and what do I have to set for the FTP server 192.168.x.x?

Please reply to me soon!

I tried to look for a solution, but at the place where I work, I can't mess with iptables.

That is the reason I didn't reply.

I am sure someone will help you further.
Sorry
 
Old 11-14-2011, 02:07 AM   #9
fukawi1
You REALLY need to provide more information about your network topology.

I am guessing the host running squid is not acting as a gateway/router to the internet? (Based on the two NICs with private IPs.)
Assuming this is true, you need to create iptables/firewall rules on the gateway/router to redirect traffic on port 80 to the squid server on port 3128.

This is what gives you a "transparent" proxy, whereby the client machines are unaware they are being sent through a proxy, and it also saves having to configure every host to use a manual proxy configuration.
 
Old 11-14-2011, 04:07 AM   #10
anandnenwani
Well Deepak, thanks for as much as you told me... don't say sorry.
 
Old 11-16-2011, 07:41 AM   #11
anandnenwani
iptable is not redirecting traffic to squid

This is my network map. I don't want to do every client's browser settings as well, and there is my FTP/HTTP server that I want to access from my clients also.

I did the iptables prerouting redirect command too, but I think I'm leaving something out. Please reply to me.
Attached thumbnail: nET.JPG
 
Old 11-20-2011, 12:39 AM   #12
anandnenwani
Quote:
Originally Posted by deep27ak
I tried to look for a solution, but at the place where I work, I can't mess with iptables.

That is the reason I didn't reply.

I am sure someone will help you further.
Sorry

I did it in OpenSuSE 11.4, and it's working, but why is it not working in RHEL?
Thank you so much, Deepak.
 
Old 11-21-2011, 03:57 AM   #13
deep27ak
Quote:
Originally Posted by anandnenwani
I did it in OpenSuSE 11.4, and it's working, but why is it not working in RHEL?
Thank you so much, Deepak.

It must be iptables in that case.

I guess you should start a new thread in the networking thread so that others can look after it if you are not getting any response.
 
Old 11-21-2011, 11:58 AM   #14
aazkan
Member
 
Registered: Jan 2008
Posts: 72

Rep: Reputation: 5
Hi,

On the host that runs the squid, can you show output for:

iptables -L -nv -t nat

also

sysctl -a|grep forward

If squid runs on a host acting as a gateway/router, it should be quite straightforward; if it's not, I'm guessing it's still possible to transparently intercept HTTP somehow.
 
Old 11-28-2011, 01:11 PM   #15
anandnenwani
sysctl -a | grep forward
Quote:
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
iptables -L -nv -t nat
Quote:
Chain PREROUTING (policy ACCEPT 77 packets, 9535 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 211 packets, 12849 bytes)
pkts bytes target prot opt in out source destination
2 181 MASQUERADE all -- * * 10.0.0.0/24 !10.0.0.0/24
0 0 MASQUERADE all -- * * 10.0.0.0/24 10.0.0.0

Chain OUTPUT (policy ACCEPT 213 packets, 13030 bytes)
pkts bytes target prot opt in out source destination
This is the output.

I want to block IDM HTTP-GET and bittorrent. How do I do it?

Thank you so much.
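
Both REDIRECT rules in the NAT table above show zero packet and byte counters, and the MASQUERADE source network is 10.0.0.0/24 while eth1 was given earlier as 10.230.1.1. The following is an added example, not part of the original post: a Python check that reads the posted table and reports both conditions. The client address 10.230.1.20 is a constructed assumption.

```python
import ipaddress

# NAT table exactly as posted in the thread (iptables -L -nv -t nat).
NAT_OUTPUT = """\
Chain PREROUTING (policy ACCEPT 77 packets, 9535 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 211 packets, 12849 bytes)
pkts bytes target prot opt in out source destination
2 181 MASQUERADE all -- * * 10.0.0.0/24 !10.0.0.0/24
0 0 MASQUERADE all -- * * 10.0.0.0/24 10.0.0.0

Chain OUTPUT (policy ACCEPT 213 packets, 13030 bytes)
pkts bytes target prot opt in out source destination
"""
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables abbreviates large counters
CLIENT = "10.230.1.20"  # constructed address on the eth1 side

def counter(text):
    """Convert a counter such as '181' or '12K' to an integer."""
    return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)

def parse(output):
    """Return one dict per rule line, tagged with the chain it belongs to."""
    rules, chain = [], None
    for line in output.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain = f[1]
        elif len(f) >= 9 and f[0][0].isdigit():
            rules.append({"chain": chain, "pkts": counter(f[0]), "target": f[2],
                          "in": f[5], "src": f[7], "dst": f[8]})
    return rules

def idle_redirects(rules):
    """Inbound interfaces whose REDIRECT rule has matched no packets so far."""
    return [r["in"] for r in rules if r["target"] == "REDIRECT" and r["pkts"] == 0]

def masqueraded(rules, client_ip):
    """True if some MASQUERADE rule's source match ('!' negates) covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return any((ip in ipaddress.ip_network(r["src"].lstrip("!"), strict=False))
               != r["src"].startswith("!")
               for r in rules if r["target"] == "MASQUERADE")
```

A zero counter on a REDIRECT rule means no port-80 packet has entered this host through that interface since the counters were last reset, which is what you would see if the clients are not routing through this machine.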
 
  

