LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-18-2004, 05:10 PM   #1
Osiris123d
LQ Newbie
 
Registered: Oct 2003
Posts: 18

Rep: Reputation: 0
Suse 9.1 and iptables


I have set up Squid and Dansguardian on one box running Suse 9.1. I had everything set up fine and it allowed me to set up users Browsers to use the server as a proxy with dansguardian listening on port 8080. What I want to do is set up a Transparent Proxy so that I don't have to configure each clients browser to point towards the proxy. I have configured Squid and Dansguardian correctly (I hope) the only problem is that I can't get iptables to work. This is what I type in

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

yet when I type in iptables -nvL it shows me this

Chain INPUT (policy ACCEPT 4800 packets, 346K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4035 packets, 228K bytes)
pkts bytes target prot opt in out source destination



It looks like my rule didn't get put in.

Any clues would be good.
 
Old 08-18-2004, 05:50 PM   #2
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
-i eth0

I don't know what your internal interface is (your users lan) most of the time eth1 is used
 
Old 08-18-2004, 07:04 PM   #3
Osiris123d
LQ Newbie
 
Registered: Oct 2003
Posts: 18

Original Poster
Rep: Reputation: 0
I only have one ethernet card in it and its eth0.
 
Old 08-19-2004, 05:22 AM   #4
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
http_port 3128
httpd_accel_host virtual
http_accel_port 80
httpd_accel_with_proxy on

This will let Squid listen on port 80.
 
Old 08-19-2004, 09:01 AM   #5
Osiris123d
LQ Newbie
 
Registered: Oct 2003
Posts: 18

Original Poster
Rep: Reputation: 0
This is how I have Squid set up

http_port 127.0.0.1 3128
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid


This is how Dansguardian is set up

filterip = 192.168.11.2 <------this is eth0, the only nic on the machine
filterport = 8080
proxyip = 127.0.0.1
proxyport= 3128
accessdeniedaddress = 'http://192.168.11.2/cgi-bin/dansguardian.pl

If I set up my client browsers to use 192.168.11.2 and port 8080 then it WILL block bad websites, but with transparent proxy I shouldn't have to set up the clients browser. Squid and dansguardian works, thats why I think it has something to do with iptables.
 
Old 08-19-2004, 02:21 PM   #6
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
if you use http_port 127.0.0.1 3128
the -i should be lo instead of eth0
iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 3128
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is anything beyond iptables v1.2.11 compatible with SuSE 9.2??? mikfig SUSE / openSUSE 1 11-02-2005 11:36 PM
Iptables in Suse Sles 9.0 Mishra100 Linux - Newbie 1 01-01-2005 09:22 AM
Suse 9.1 iptables CobaltFire Linux - Networking 0 07-13-2004 02:49 AM
iptables on Suse 8.0 Loke Linux - Distributions 2 01-23-2003 04:46 PM
iptables on Suse 8.0 Sigmund Gudvang Linux - Distributions 1 10-02-2002 01:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration