LinuxQuestions.org, Linux - Networking forum
11-06-2004, 09:47 AM, #1
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Port Redirecting Problem with Transparent Proxy
Dear All,
I have two machines running as transparent proxies at 2 different cyber cafes. Same configuration, same network layout, same ISP. They are running Red Hat and Squid 2.5.STABLE1.
Yesterday I had to reinstall one of the machines, so I installed Linux, copied all the configuration files from the other Linux box (list below), and restarted it.
/etc/sysctl.conf (enabled packet forwarding)
/etc/sysconfig/network-scripts/ifcfg-eth0 (dhcp internet)
/etc/sysconfig/network-scripts/ifcfg-eth1 (static network)
/etc/resolv.conf
/etc/rc.d/rc.local
/etc/squid/squid.conf
But now I have a problem: the machine connects to the internet and to the network, but the proxy is now listening on port 3160 only, and not as a transparent proxy as it should.
If I configure any of the computers in the network to connect to the proxy on port 3160 it works perfectly. But I need it to work as a transparent proxy, as I have another ISP for online games and it won't work if I change the IE configuration.
I tried to redirect port 3160 to 80 (commented line in rc.local) but it didn't work.
There must be something I forgot to configure, but I can't find out what it is; I mean, both machines should work as they have the same configuration.
In case it helps, here are the contents of the files in the list.
I would really appreciate any help.
Thanks, Ezequiel
===========
/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
===========
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=no
USERDNS=no
TYPE=Ethernet
===========
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.0.0.255
IPADDR=192.0.0.254
NETMASK=255.255.255.0
NETWORK=192.0.0.0
ONBOOT=yes
===========
/etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 200.49.156.3
nameserver 200.49.159.69
nameserver 200.49.156.4
nameserver 24.232.0.69
===========
/etc/rc.d/rc.local
touch /var/lock/subsys/local
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_TOS
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_LOG
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3160
===========
/etc/squid/squid.conf
http_port 3160
icp_port 3160
acl QUERY urlpath_regex cgi-bin \? (url goes here but it wont let me post urls)
no_cache deny QUERY
cache_mem 32 MB
cache_dir ufs /var/spool/squid 2000 8 128
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
logfile_rotate 10
#redirect_rewrites_host_header off
#cache_replacement_policy GDSF
acl localnet src 192.0.0.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 10000 KB
store_avg_object_size 100 KB
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_mgr nixo@nixo.com.ar
cachemgr_passwd secret_password all
visible_hostname xago
log_icp_queries off
buffered_logs on
=================
11-06-2004, 10:54 AM, #2
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Can you post the output from:
iptables -nL
iptables -nL -t nat
11-06-2004, 11:07 AM, #3
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
Here they are...
========
iptables -nL
========
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 24.232.0.69 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 200.49.156.4 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 200.49.159.69 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 200.49.156.3 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable
=============
iptables -nL -t nat
=============
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
11-06-2004, 11:31 AM, #4
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
It looks like your redirect rule didn't work; try it again with:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3160
You may also need to allow incoming connections to port 3160.
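The rule in #4 is one half of the transparent setup; the httpd_accel lines in the squid.conf posted in #1 are the other. The script below is an added example, not code from the thread or from the Squid project: it prints and applies the NAT and FORWARD rules for the layout described in #1 (LAN 192.0.0.0/24 on eth1, ISP on eth0, Squid on port 3160) and includes a check that parses `iptables -t nat -nL PREROUTING` output for the REDIRECT rule, so an empty chain like the one posted in #3 is reported instead of going unnoticed. The interface names, network and port come from the thread; the `! -d` exclusion (so port 80 on the LAN itself is not sent through Squid) and the ESTABLISHED,RELATED return rule are my additions, as is the /sbin/iptables path variable.

```shell
#!/bin/sh
# Added example, not code from the thread: transparent-proxy NAT rules for the
# layout in #1 (LAN 192.0.0.0/24 on eth1, ISP on eth0, Squid on 3160), plus a
# check for the REDIRECT rule that was missing from the output posted in #3.
# Meant to be called from rc.local as "tproxy.sh apply".
set -eu

IPTABLES=${IPTABLES:-/sbin/iptables}   # full path: PATH at boot may lack /sbin
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.0.0.0/24}
PROXY_PORT=${PROXY_PORT:-3160}

# Print the rules one per line so they can be reviewed before being applied.
# "! -d $LAN_NET" (my addition) leaves port 80 on the LAN itself alone.
tp_rules() {
    cat <<EOF
-t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 ! -d $LAN_NET -j REDIRECT --to-port $PROXY_PORT
-t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Flush the two nat chains this script owns, then load the rules. FORWARD is
# left at its existing policy, as in the thread, so run this once per boot.
apply_rules() {
    $IPTABLES -t nat -F PREROUTING
    $IPTABLES -t nat -F POSTROUTING
    tp_rules | while IFS= read -r rule; do
        $IPTABLES $rule   # word splitting of $rule is intended
    done
}

# Read "iptables -t nat -nL PREROUTING" output on stdin; succeed only if a
# REDIRECT of tcp port 80 to PROXY_PORT is listed. The empty chain in #3 fails.
redirect_present() {
    grep -E "^REDIRECT +tcp .*dpt:80 .*redir ports $PROXY_PORT( |\$)" >/dev/null
}

# Same check against the live table.
check_live() {
    $IPTABLES -t nat -nL PREROUTING | redirect_present
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  tp_rules ;;
    check) if check_live; then
               echo "REDIRECT to $PROXY_PORT present"
           else
               echo "REDIRECT to $PROXY_PORT missing from nat PREROUTING" >&2
               exit 1
           fi ;;
esac
```

`tproxy.sh show` prints the rule list, `tproxy.sh apply` loads it, and `tproxy.sh check` after a reboot tells you whether the PREROUTING chain really contains the redirect, which is the question #2 was asking with `iptables -nL -t nat`. Keeping the FORWARD chain at policy ACCEPT matches the output in #3; tightening it is a separate job.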
11-06-2004, 12:00 PM, #5
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
I added all the iptables rules in rc.local manually, and it is working now. THANKS A LOT!
Do I always have to add them manually, or is just adding them to rc.local enough?
11-06-2004, 12:05 PM, #6
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
If you add them to rc.local then they will be run each time the system boots.
11-06-2004, 12:23 PM, #7
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
What I don't understand is that I added them in rc.local from the beginning, and rebooted several times.
Anyway, I must have done something wrong =S, much to learn yet I guess.
Again THANK YOU very much !
11-06-2004, 01:31 PM, #8
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Can you post a copy of your rc.local file again.
11-06-2004, 04:40 PM, #9
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
Here it is
======
touch /var/lock/subsys/local
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_TOS
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_LOG
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3160
11-07-2004, 11:35 AM, #10
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Try using the full path to iptables, i.e. /sbin/iptables
11-07-2004, 12:42 PM, #11
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
I tried changing the path, but nothing changes; it's like rc.local is not being executed. Every time I reboot, the iptables rules are lost. The only thing that works is running each line in the console manually.
11-07-2004, 12:46 PM, #12
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Try adding a command like this to rc.local:
date > /tmp/boottime
Do you get the date recorded in that file? If not then rc.local isn't being executed.
11-07-2004, 01:10 PM, #13
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
Added the line to /etc/rc.d/rc.local, rebooted, but boottime was not created.
How do I get rc.local to be executed at startup?
Last edited by landuchi; 11-07-2004 at 03:09 PM.
11-08-2004, 06:44 AM, #14
Member
Registered: Oct 2004
Distribution: Debian, Ubuntu
Posts: 74
Original Poster
Ok... I finally found out what the problem was.
When I copied rc.local from the other Linux box, somehow I managed to turn it into a regular file instead of an executable file (don't ask me how =S).
Now, how do I turn it into an executable file?
> EDIT
Found out how:
chmod a=r+w+x file_name .... right?
Problem solved for now =)
Anyway, how can I copy files between the Linux boxes?
Last edited by landuchi; 11-08-2004 at 07:20 AM.
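What #14 found (rc.local present but without the execute bit, so the rc script skipped it) can be caught before rebooting. The script below is an added example, not code from the thread: `rc_local_check` verifies that a boot script is a regular file, is executable, is not writable by group or others (it runs as root at boot, so 0755 is the mode to set, not 0777), and has no CRLF line endings, a common way a file gets damaged when copied through another system; `relative_cmds` lists the commands that depend on PATH lookup, which is the reason #10 suggests /sbin/iptables. Only the file names passed on the command line are assumed; the sample rc.local in the test is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: preflight checks for a boot script
# such as /etc/rc.d/rc.local, to run by hand after copying it between machines.
set -u

# rc_local_check FILE: return 0 if FILE is in a state the rc script will run
# at boot; otherwise print the first problem found and return 1.
rc_local_check() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: missing or not a regular file" >&2; return 1
    fi
    # The symptom in #13/#14: the rc script only runs executable files, so a
    # copy that lost its mode bits is skipped silently.
    if [ ! -x "$f" ]; then
        echo "$f: not executable (fix: chmod 755 $f)" >&2; return 1
    fi
    # It runs as root at boot, so nobody but root may write to it. Columns 6
    # and 9 of "ls -l" are the group and other write bits.
    perm=$(ls -ld "$f" | cut -c1-10)
    case $perm in
        ?????w????|????????w?)
            echo "$f: writable by group or others ($perm; fix: chmod 755 $f)" >&2
            return 1 ;;
    esac
    # A file that passed through a Windows editor or a DOS-mode transfer picks
    # up CR characters, and "iptables ...\r" then fails with a bad argument.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: CRLF line endings (fix: sed -i 's/\r\$//' $f)" >&2; return 1
    fi
    return 0
}

# relative_cmds FILE: print the command words that rely on PATH lookup, one per
# line. PATH at boot is not the interactive root PATH, hence /sbin/iptables.
relative_cmds() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" \
        | awk '$1 !~ /^\// && $1 != "echo" && $1 != "export" { print $1 }' \
        | sort -u
}

# Usage: sh rc_local_check.sh /etc/rc.d/rc.local
if [ $# -gt 0 ]; then
    for f in "$@"; do
        rc_local_check "$f" && echo "$f: ok"
        relative_cmds "$f" | sed "s|^|$f: PATH lookup: |"
    done
fi
```

Run it on the copied file before rebooting, or keep the `date > /tmp/boottime` line from #12 in rc.local as a permanent boot marker. For the copying question in #14 and #15, `scp -p` preserves the mode bits and timestamps, so the execute bit survives the transfer; pasting the contents into an editor on the other box does not.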
11-08-2004, 07:09 AM, #15
Senior Member
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188
Read the man page of chmod to change file/dir permissions.
If ssh is enabled on the Linux boxes (by default, yes), you can transfer files via ssh easily.
Good luck.