LinuxQuestions.org


omidm 12-06-2008 02:26 PM

3 local IPs, one remote proxy server to browse internet!
 
Hi all,

I have a device (A) in my local network bound to 192.168.1.200.
Another device (B) in my local network has two network interfaces,
one bound to 192.168.1.100 (B1) and another one bound to
192.168.1.150 (B2). (Both IPs are in one NAT.)
An internet gateway bound to 192.168.1.1 (C).
A remote server (D) with w.x.y.z IP.
And a destination host to request to (E).

Installed a squid on D and an iptables on B.
B1 is the gateway of A and B routing its packets through C by B2.

Now, I want to send requests from A to E through D.

---------------- B ---------------------------------------------
A ----> | B1 ----> B2 | -----> C -----> D (squid) -----> E
------------------------------------------------------------------

And have full access to B and D.

Really need your help.
Thanks for your further replies.

niknah 12-07-2008 08:12 AM

Ok looks fine, but what's the question? Which bit are you having problems with?

omidm 12-07-2008 12:46 PM

Thanks.

Quote:

Now, I want to send requests from A to E through D.
How can I do this?
Which rules should I add to iptables?
Is there any special configuration for squid?

Thanks again.

niknah 12-07-2008 06:37 PM

Which of these are Linux boxes?

Are B1 and B2 on the same network card or different ones?

* add SNAT on B2, default route should be C
* enable ip forwarding on C
* Add an ACL in the squid.conf of D to allow C to use it.

omidm 12-07-2008 11:33 PM

All devices are Linux.

B1 and B2 could be on the same or different network cards. Both are possible. Right now I have a wired and a wireless network card, but both of them are in one network. (192.168.1.1/24)

I wrote a lot of rules already and was not successful. If it is possible, could you please write iptables rules for me. (eth0 is B1 and ath0 is B2)

Thanks.

omidm 12-07-2008 11:38 PM

Sorry forgot to say
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without the remote proxy (D); my main problem is D :(

niknah 12-08-2008 12:14 AM

Quote:

Originally Posted by omidm (Post 3367708)
Sorry forgot to say
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without the remote proxy (D); my main problem is D :(

How are you connecting from A to D, is it via the browser's proxy settings?
Can you telnet from A to D (using the squid port)?

omidm 12-08-2008 12:41 AM

Quote:

How are you connecting from A to D, is it via the browser's proxy settings?
That is my problem.
I already connected from A to E, but not from D. (A->B1->B2->C->E)

Quote:

Can you telnet from A to D (using the squid port)?
No, I cannot, but I can browse the internet!

niknah 12-08-2008 12:46 AM

Can you telnet to D (using the squid port) from B2 or C?

omidm 12-08-2008 12:56 AM

Sorry, squid server went down, now I access it from A, B1 and C.
And still I want to chain A, B, C, D and E :)

niknah 12-08-2008 01:04 AM

So it's ok now?
If not, you need to say where you're up to and which bit isn't connected.

omidm 12-08-2008 01:10 AM

No, it isn't.

Now I can access the internet from A but not through D (proxy server).
There are only rules to forward packets from B1 to B2 to browse the internet (but not through D).

I should filter packets in B, because I don't have full access to A. (A is a hand-held device on which I can only change the network interface IPs.)

niknah 12-08-2008 01:34 AM

If you can't change the proxy that A uses, you'll need to set up B to do transparent proxying...
iptables -t nat -A PREROUTING -p tcp -d E --dport 80 -j DNAT --to D:3128

If E is not on port 80 change the above.

And squid needs to be set up as a transparent proxy too...
http://tldp.org/HOWTO/TransparentProxy-4.html
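
Added example, not part of niknah's post: the DNAT rule above placed in a complete rule set for B, together with the source NAT and forwarding suggested earlier in the thread, so that replies from D return through B. It assumes eth0 is B1 and ath0 is B2 as stated in the thread, uses 203.0.113.10 as a placeholder for D, and matches all port-80 traffic from A instead of a single destination E; by default it only prints the commands.

```shell
#!/bin/sh
# Added example for box B. Placeholders/assumptions, not values from the thread:
# PROXY_IP stands for D (w.x.y.z); interface names follow omidm's description.
A_IP="${A_IP:-192.168.1.200}"          # device A
IN_IF="${IN_IF:-eth0}"                 # B1, faces A
OUT_IF="${OUT_IF:-ath0}"               # B2, faces gateway C
PROXY_IP="${PROXY_IP:-203.0.113.10}"   # placeholder for D (squid)
PROXY_PORT="${PROXY_PORT:-3128}"
DRY_RUN="${DRY_RUN:-1}"                # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise run it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only dotted-quad IPv4 so a leftover placeholder such as "w.x.y.z"
# never reaches iptables.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

proxy_rules() {
    valid_ipv4 "$A_IP" && valid_ipv4 "$PROXY_IP" || { echo "bad address" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite A's web traffic so it goes to the squid port on D.
    run iptables -t nat -A PREROUTING -i "$IN_IF" -s "$A_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY_IP:$PROXY_PORT"
    # FORWARD sees the rewritten destination: allow only A -> D:squid ...
    run iptables -A FORWARD -i "$IN_IF" -o "$OUT_IF" -s "$A_IP" -d "$PROXY_IP" \
        -p tcp --dport "$PROXY_PORT" -j ACCEPT
    # ... and the replies that belong to those connections.
    run iptables -A FORWARD -i "$OUT_IF" -o "$IN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source NAT on B2 so D's replies come back via B and are un-DNATed there.
    run iptables -t nat -A POSTROUTING -o "$OUT_IF" -s "$A_IP" -j MASQUERADE
}

proxy_rules
```

Because the connection is redirected rather than proxy-configured, A still sends a plain `GET / HTTP/1.1` with a `Host:` header, which is why squid on D also has to be in transparent mode as the linked HOWTO describes.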

omidm 12-08-2008 01:59 AM

Thanks.

It returned an error in A.
"The requested URL could not be retrieved"

In the squid log file:
"GET error:invalid-request HTTP/0.0" 400 2091 "-" "-" TCP_DENIED:NONE"

And sniffing packets in B with wireshark (capital words replaced by me!):
GET / HTTP/1.1

Host: HOSTNAME
Accept-Encoding: gzip

Accept-Language: en-US

Cache-Control: max-age=0

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

User-Agent: AGENT
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7

cookie: COOKIE

In the squid reply I get:
X-Squid-Error: ERR_INVALID_REQ 0

and wireshark finds this request to be a SYN request and I don't have any HTTP GET request!

omidm 12-08-2008 02:02 AM

In the above post, the enters between the HTTP headers were applied here by the forum engine! (\r\n)


All times are GMT -5.