LinuxQuestions.org


Osiris123d 08-18-2004 05:10 PM

Suse 9.1 and iptables
 
I have set up Squid and Dansguardian on one box running Suse 9.1. I had everything set up fine, and it allowed me to set up users' browsers to use the server as a proxy with Dansguardian listening on port 8080. What I want to do is set up a transparent proxy so that I don't have to configure each client's browser to point towards the proxy. I have configured Squid and Dansguardian correctly (I hope); the only problem is that I can't get iptables to work. This is what I type in

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

yet when I type in iptables -nvL it shows me this

Chain INPUT (policy ACCEPT 4800 packets, 346K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4035 packets, 228K bytes)
pkts bytes target prot opt in out source destination



It looks like my rule didn't get put in.

Any clues would be good.

arno 08-18-2004 05:50 PM

-i eth0

I don't know what your internal interface is (your users' LAN); most of the time eth1 is used.

Osiris123d 08-18-2004 07:04 PM

I only have one ethernet card in it and it's eth0.

arno 08-19-2004 05:22 AM

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

This will let Squid listen on port 80.

Osiris123d 08-19-2004 09:01 AM

This is how I have Squid set up

http_port 127.0.0.1 3128
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid


This is how Dansguardian is set up

filterip = 192.168.11.2 <------this is eth0, the only nic on the machine
filterport = 8080
proxyip = 127.0.0.1
proxyport= 3128
accessdeniedaddress = 'http://192.168.11.2/cgi-bin/dansguardian.pl

If I set up my client browsers to use 192.168.11.2 and port 8080 then it WILL block bad websites, but with a transparent proxy I shouldn't have to set up the client's browser. Squid and Dansguardian work, that's why I think it has something to do with iptables.

arno 08-19-2004 02:21 PM

If you use http_port 127.0.0.1 3128,
the -i should be lo instead of eth0:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 3128
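
An added example, not part of the original thread: `iptables -nvL` lists only the filter table, so a rule appended with `-t nat` appears under `iptables -t nat -nvL` instead. The script below checks iptables-save output for the port 80 REDIRECT rule and the port it targets; the sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. On a live box, pipe `iptables-save`
# (run as root) into these functions instead of the constructed sample.

# Constructed sample in iptables-save format: the REDIRECT rule sits in the
# nat table, while the filter table (what `iptables -nvL` shows) has no rules.
SAMPLE_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [4800:346000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4035:228000]
COMMIT'

# rules_in_table TABLE: read iptables-save text on stdin, print that table's -A rules.
rules_in_table() {
    awk -v want="*$1" '
        /^\*/     { in_table = ($0 == want); next }
        /^COMMIT/ { in_table = 0; next }
        in_table && /^-A / { print }'
}

# redirect_port DPORT: print the port the first nat PREROUTING REDIRECT rule
# for tcp DPORT sends traffic to (prints nothing if there is no such rule).
redirect_port() {
    rules_in_table nat | awk -v dport="$1" '
        $2 == "PREROUTING" && /-j REDIRECT/ {
            hit = 0; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == dport) hit = 1
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (hit && to != "") { print to; exit }
        }'
}

# check_redirect DPORT EXPECTED: print ok:PORT, mismatch:PORT or missing.
# EXPECTED is the listener the redirect is meant to reach (in the thread,
# Dansguardian is on 8080 and Squid on 3128).
check_redirect() {
    port=$(redirect_port "$1")
    if [ -z "$port" ]; then echo "missing"
    elif [ "$port" = "$2" ]; then echo "ok:$port"
    else echo "mismatch:$port"
    fi
}

printf '%s\n' "$SAMPLE_RULESET" | check_redirect 80 3128
```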

