LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-18-2008, 11:49 PM   #16
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled

Leave them that way. Just look at the script and use it as reference. But as I said, if clients are able to surf the net without squid then you may have to look out at this issue first.
 
Old 11-19-2008, 05:52 AM   #17
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Dear LinuxLover,

I think I got it now! Your statement above on working on NAT helped me realise what the problem was. It turned out that I needed to put the....-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128 rule higher than giving access to the LAN.

After I did this, now I can see entries in access log, and I feel squid is working as it should.

Thanks.

Frank
 
Old 11-19-2008, 08:09 AM   #18
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Hey guys,

It worked, thanks to you all. I used Billy's code plus the advice from LinuxLover on NATing. Thanks a million.

Frank
 
Old 11-19-2008, 08:59 AM   #19
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Guys,

It's working, thanks for your advice.

Frank
 
Old 11-20-2008, 01:16 AM   #20
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Great ! But with squid turned off, are the clients still surfing the net as you said before? If not then you are done. Otherwise you still have some work to do.
 
Old 11-21-2008, 01:55 AM   #21
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
LinuxLover,

I think you are right. Look at my firewall rules below...

# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128
# Allow Internal Network Out Access
-A PREROUTING -i eth1 -j ACCEPT

Rule 1 is redirecting traffic from eth1(LAN) to Squid, while Rule 2 allows all traffic from LAN to go out. If squid is off, then rule 2 will still work. Therefore, how can I modify rule 2 to take into account Squid, in ACCEPTING traffic from eth1?

Thanks,

Frank
 
Old 11-21-2008, 09:46 AM   #22
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
What kind of internet connection do you use? And how is it connected to the squid? If we know that someone will get you to right direction.
 
Old 11-21-2008, 09:56 AM   #23
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
My network is connected via VSAT to the Internet. I have an iDirect satellite modem, which is also a router with an ethernet LAN port, and a satellite WAN port. The ethernet LAN is configured with /26 subnet of public IP addresses. I'm using one of these public IP addresses for my Linux/Proxy box as eth0.
 
Old 12-02-2008, 10:19 AM   #24
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Hi LinuxLover,

I actually tested squid today. I switched it off and the result was that the whole network could not browse. However, Skype, MSN and Outlook were able to work.

Thought I would tell you this. I think I'm almost there.

Frank
 
Old 12-02-2008, 10:54 AM   #25
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I do not know about skype and msn. i have never blocked them but outlook should not work as far as I have seen. Outlook will use your system default gateway to connect to internet and hence if the gateway is turned off, outlook should not connect to internet. But you should wait for some senior member to come up and correct me.
 
Old 12-02-2008, 02:57 PM   #26
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
What he's saying is that turning squid off doesn't stop those services working - which makes sense since they have nothing to do with squid.
 
Old 12-03-2008, 01:31 AM   #27
Frank Ng'andwe
Member
 
Registered: Nov 2008
Location: Lusaka, Zambia
Distribution: ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Hi Billy,

So to you this sounds like the way it should? Browsing goes through squid, then the other services don't?

Frank
 
Old 01-19-2012, 02:21 AM   #28
securekumar
LQ Newbie
 
Registered: Jan 2010
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by Frank Ng'andwe View Post
Hi LinuxLover,

I actually tested squid today. I switched it off and the result was that the whole network could not browse. However, Skype, MSN and Outlook were able to work.

Thought I would tell you this. I think I'm almost there.

Frank
Hi Frank,

I am facing same problem... Can you show me your squid configuration and iptable rules for solve my prob. here i'm using RHEL 6 and Squid 3.1
 
Old 01-26-2012, 12:31 PM   #29
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Why not ask a question in your own new thread instead of resurrecting a 3 year old dead thread from the grave?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora Transparent mode netguy2000 Linux - Networking 3 05-13-2009 08:53 AM
transparent squid gabsik Linux - Networking 3 08-10-2008 08:01 PM
transparent squid missamoune Linux - Server 2 08-10-2008 07:58 PM
Squid Transparent win32sux Linux - Networking 2 08-05-2005 12:57 PM
Squid Transparent Proxy 1jamie Linux - Security 7 09-26-2003 07:09 AM


All times are GMT -5. The time now is 03:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration