LinuxQuestions.org


none-sense 05-12-2010 05:07 AM

[ask] newbie using squid in RHEL 5
 
Dear All,
Sorry to have to ask this newbie question here on LinuxQuestions. I have already searched and used many tutorials via Google, but they did not solve my problem....
I'm testing with RHEL 5 and Squid 2.6.STABLE6, using 2 NICs, which are 192.168.1.200 (ETH0/INTERNET) and 192.168.3.1 (ETH1/LAN). I have already set up my DNS in /etc/resolv.conf! My questions are:
- When I put ETH1 off and ETH0 on, I can connect to the internet, but when I put ETH1 on and ETH0 on, I can't connect to the internet. Why? Should I route the traffic from ETH1 to ETH0 and vice versa?
- I followed each step in this link and edited the line:
Code:

acl intranet src 192.168.3.0/24
, and also put this command in iptables :
Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
It still has not solved my problem... May I get a correction?

Sorry for newbie questions...
Warm Regards,
none-sense

HasC 05-12-2010 07:54 AM

Quote:

Originally Posted by none-sense (Post 3965557)
- When I put ETH1 off and ETH0 on, I can connect to the internet, but when I put ETH1 on and ETH0 on, I can't connect to the internet.

You can't connect from where? Your gateway? Your LAN?

Quote:

Originally Posted by none-sense (Post 3965557)
- I followed each step in this link and edited the line:
Code:

acl intranet src 192.168.3.0/24

Post your squid.conf to take a look at it

Quote:

Originally Posted by none-sense (Post 3965557)
using 2 NICs, which are 192.168.1.200 (ETH0/INTERNET) and 192.168.3.1 (ETH1/LAN).

Quote:

Originally Posted by none-sense (Post 3965557)
, and also put this command in iptables :
Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

You didn't read the article, or the command, well.
That iptables rule should be applied to your *internal interface/LAN interface*, and your LAN interface is eth1, not eth0.

DrLove73 05-12-2010 09:02 AM

@none-sense, you must give us a more precise explanation. "I could connect to internet" can mean many things. Ping, traceroute, FTP, SSH, SMTP, POP3, HTTP (surfing) are all ways to "connect" to the internet!! So please explain:

- When you activate both NICs, are you able to ping 8.8.8.8 from RHEL 5?
- When you activate both NICs, are you able to ping 8.8.8.8 from PCs on your LAN segment?

none-sense 05-12-2010 12:01 PM

@HasC & @DrLove73 :
thanks for your responses.... :)
sorry for not giving the correct information....
When I said I can't connect to the internet, I mean that when I ping my DNS it says network unreachable. But when I ping my gateway (192.168.1.1 -- Router) it replies. In that situation both ETH0 and ETH1 are active....
But when I activate ETH0 and deactivate ETH1, when I ping my gateway and my DNS.
That's what I mean, I hope it is clear enough.... :)

Please enlighten me... :)
GBU...

DrLove73 05-12-2010 06:08 PM

I will presume you are talking about pinging your DNS from RHEL itself.

In that case, I also presume that you have put GATEWAY information on your eth1 interface (LAN), which is incorrect. The only settings to put on the LAN interface are IP and NETMASK, and deliberately OMIT GATEWAY. If you have multiple subnets on the LAN segment, then use the /etc/sysconfig/network-interfaces/route-eth1 file to add routing information for those subnets.

If this is not the case, and this does not help, please post output of the commands "ip address" and "ip route" (you must run them as root, or "su -") and/or contents of /etc/sysconfig/network-interfaces/ifcfg-eth0 and ifcfg-eth1.

none-sense 05-14-2010 02:18 AM

Quote:

Originally Posted by DrLove73 (Post 3966344)
I will presume you are talking about pinging your DNS from RHEL itself.

In that case, I also presume that you have put GATEWAY information on your eth1 interface (LAN), which is incorrect. The only settings to put on the LAN interface are IP and NETMASK, and deliberately OMIT GATEWAY. If you have multiple subnets on the LAN segment, then use the /etc/sysconfig/network-interfaces/route-eth1 file to add routing information for those subnets.

If this is not the case, and this does not help, please post output of the commands "ip address" and "ip route" (you must run them as root, or "su -") and/or contents of /etc/sysconfig/network-interfaces/ifcfg-eth0 and ifcfg-eth1.

@ DrLove73 :
thank you for your advice..
Now I have already connected my RHEL to the internet and am using my RHEL to reply to your post. I changed my gateway in ETH1 from 192.168.3.1 (ETH1 IP address) to 192.168.1.200 (ETH0 IP address)! Voila.... :)
But now, after I added my laptop and used my RHEL as a Squid proxy, I couldn't access the internet via my laptop. I have already entered the RHEL IP address as the proxy in my laptop, using port 3128. But my laptop could access internet, did I do something wrong?
This is what I did:
Code:

# /etc/squid/squid.conf
http_port 3128
acl LAN src 192.168.3.0/24
http_access allow LAN

Code:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
Code:

# ip route
192.168.3.0/24 dev eth1  proto kernel  scope link  src 192.168.3.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.200
169.254.0.0/16 dev eth1  scope link
default via 192.168.1.1 dev eth0

Code:

# /etc/sysconfig/network-scripts/ifcfg-eth0
# D-Link System Inc DGE-530T Gigabit Ethernet Adapter (rev 11)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:26:5A:71:1D:DA
IPADDR=192.168.1.200
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
ONBOOT=yes
TYPE=ethernet

Code:

# /etc/sysconfig/network-scripts/ifcfg-eth1
# Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
BROADCAST=192.168.3.255
HWADDR=00:1f:c6:c2:97:76
IPADDR=192.168.3.1
NETMASK=255.255.255.0
NETWORK=192.168.3.0
GATEWAY=192.168.1.200
TYPE=ethernet

please assist me...
thank you so much for your attention.... :)
GBU

DrLove73 05-14-2010 02:33 AM

Delete
Quote:

GATEWAY=192.168.1.200
from ifcfg-eth1 totally. It is not needed and even not wanted there.

Using an internet connection is more than an HTTP proxy.

1. Set DNS caching server on RHEL and use RHEL LAN IP 192.168.3.1 for Primary DNS on your LAN - laptop. Secondary DNS field leave empty. This is not necessary but highly recommended.

2. Set RHEL to SNAT your local LAN segment, MASQUERADE-ing, then use
Code:

ping 8.8.8.8 -t
to see if you have it right. If you are not able to ping IP addresses on the internet, IP! not domain name! then SNAT is not done properly.

3. When pinging of internet IPs works, try pinging domain names like www.google.com to check if your DNS server is working.

Bear in mind that SQUID is proxying only a part of the traffic, so you need DNS and SNAT working.

none-sense 05-14-2010 05:35 AM

Quote:

Originally Posted by DrLove73 (Post 3967996)
Delete from ifcfg-eth1 totally. It is not needed and even not wanted there.

Using an internet connection is more than an HTTP proxy.

1. Set DNS caching server on RHEL and use RHEL LAN IP 192.168.3.1 for Primary DNS on your LAN - laptop. Secondary DNS field leave empty. This is not necessary but highly recommended.

2. Set RHEL to SNAT your local LAN segment, MASQUERADE-ing, then use
Code:

ping 8.8.8.8 -t
to see if you have it right. If you are not able to ping IP addresses on the internet, IP! not domain name! then SNAT is not done properly.

3. When pinging of internet IPs works, try pinging domain names like www.google.com to check if your DNS server is working.

Bear in mind that SQUID is proxying only a part of the traffic, so you need DNS and SNAT working.

Thank you for your response.... :)
I could ping 8.8.8.8 and www.google.com directly from my RHEL box, but from my laptop I still couldn't ping.
My next job is to set up a DNS caching server on my RHEL box, right?

DrLove73 05-14-2010 04:38 PM

AND SNAT, since your laptop is reporting 192.168.3.x to the rest of the internet servers/routers, and they can/will not understand it; that is why you NEED to set up SNAT. Once you do, the laptop's IP will be masked and will use RHEL's IP on the outside (internet). You might even need to activate FORWARDING.

If you have not paid for RHEL, better use ClearOS 5.x, a free server/gateway/firewall/proxy based on RHEL. It has a nice web interface and everything is already set up; all you need to do is to activate what you want.

Since you do not have any notion of networking, it will be VERY hard to explain to you every little detail. And frankly, I am not up to it. There are a lot of documents that explain networking, even the basics. So better use ClearOS, it will be much easier.
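
The SNAT, forwarding and LAN-side REDIRECT steps discussed in this thread, put together as an added example that is not from any of the posters: a shell function that only prints the commands so they can be reviewed before being applied. The interface names, subnet and port are the thread's values; the function name `gateway_rules`, the FORWARD restrictions and the WAN-side block on the proxy port are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): print, without applying, the NAT and
# forwarding rules for a two-NIC Squid gateway. Review, then pipe to "sh" as root.

# gateway_rules WAN_IF LAN_IF LAN_CIDR PROXY_PORT
gateway_rules() {
    [ $# -eq 4 ] || { echo "usage: gateway_rules WAN_IF LAN_IF LAN_CIDR PORT" >&2; return 2; }
    wan_if=$1 lan_if=$2 lan_net=$3 port=$4
    # Reject names that could smuggle shell syntax into the printed commands.
    for i in "$wan_if" "$lan_if"; do
        case $i in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $i" >&2; return 2 ;; esac
    done
    [ "$wan_if" != "$lan_if" ] || { echo "WAN and LAN interface must differ" >&2; return 2; }
    case $lan_net in   # loose syntax check: digits and dots, exactly one "/"
        *[!0-9./]*|*/*/*|/*|*/) echo "bad CIDR: $lan_net" >&2; return 2 ;;
        */*) ;;
        *) echo "bad CIDR: $lan_net" >&2; return 2 ;;
    esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }

    cat <<EOF
# Let the kernel route packets between $lan_if and $wan_if.
sysctl -w net.ipv4.ip_forward=1
# SNAT: LAN addresses leave $wan_if with the gateway's own address.
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
# Intercept LAN web traffic on the LAN-facing interface only.
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $port
# Forward LAN -> WAN, and only replies WAN -> LAN. Inserted at the top (-I)
# so an existing catch-all REJECT in FORWARD does not shadow them.
iptables -I FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# Keep the proxy port closed on the Internet side (no open proxy).
iptables -I INPUT -i $wan_if -p tcp --dport $port -j DROP
EOF
}

# Constructed sample call using the addresses posted in the thread.
gateway_rules eth0 eth1 192.168.3.0/24 3128
```

Squid 2.6 only handles the redirected port-80 traffic when its listener is declared as `http_port 3128 transparent`; a browser explicitly configured to use 192.168.3.1:3128 works without that option.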

none-sense 05-15-2010 01:12 AM

Quote:

Originally Posted by DrLove73 (Post 3968854)
AND SNAT, since your laptop is reporting 192.168.3.x to the rest of the internet servers/routers, and they can/will not understand it; that is why you NEED to set up SNAT. Once you do, the laptop's IP will be masked and will use RHEL's IP on the outside (internet). You might even need to activate FORWARDING.

If you have not paid for RHEL, better use ClearOS 5.x, a free server/gateway/firewall/proxy based on RHEL. It has a nice web interface and everything is already set up; all you need to do is to activate what you want.

Since you do not have any notion of networking, it will be VERY hard to explain to you every little detail. And frankly, I am not up to it. There are a lot of documents that explain networking, even the basics. So better use ClearOS, it will be much easier.

Thank you for your response....
I am learning about networking by myself and I think I need to read tons of documents about networking... :)
But thank you so much for your attention and your previous link... sorry, because I'm a newbie in Linux... :)
I like to set up something from zero even if it makes me confused and gives me a headache, hahaha.... that's why I am learning to use Linux... :)
GBU always...

DrLove73 05-15-2010 03:29 AM

My learning curve with Linux networking involved ClearOS's predecessor, ClarkConnect. While messing with that one I truly started to understand Linux networking.

none-sense 05-15-2010 11:41 AM

Quote:

Originally Posted by DrLove73 (Post 3969273)
My learning curve with Linux networking involved ClearOS's predecessor, ClarkConnect. While messing with that one I truly started to understand Linux networking.

Nice of you to share your experience with me...
I have already downloaded ClearOS and I will install it as soon as possible, and maybe if I get something wrong, I will post it.... :)
Thanks for your help and attention.... :)


All times are GMT -5.