LinuxQuestions.org
Old 10-24-2005, 12:38 PM   #1
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Rep: Reputation: 0
transparent proxy


Ok, a newbie to Linux and Proxy for that matter.
I am trying to accomplish Transparent Proxy and am wondering why it's not working. The sake of listing my config I have a simple question.

Currently without a proxy users access the internet via a Cisco Router which is hooked up to a dedicated T1 circuit to the internet. The gateway IP is broadcast to my clients via DHCP.

I have configured my Linux box, which is running IPTables and Squid, to listen for port 80 requests and forward them on to port 3128; Squid in turn is also set up on the default port 3128.


My users are all connected to switches which are daisy chained, and the gateway (Cisco Router) is connected via fiber to another which is linked to the clients.


Switch 1 )
Switch 2 ) --------Fiber------------Switch 4 (Cisco Router) ------Internet
Switch 3 )


For whatever reason it's not picking up the port 80 requests. Do I have to explicitly tell the Cisco router to bounce port 80 traffic to the proxy server?

Is there another way around that?

Thanks,
 
Old 10-24-2005, 01:42 PM   #2
zymurgist
Member
 
Registered: Jan 2003
Location: Long Island
Distribution: Redhat 8.0
Posts: 109

Rep: Reputation: 15
Where is the linux host running squid located on your diagram?
 
Old 10-24-2005, 08:29 PM   #3
tolstoy
LQ Newbie
 
Registered: Dec 2004
Posts: 10

Rep: Reputation: 0
Dumb question, but have you set your DHCP server to hand out the IP address of your Linux box as being the default gateway rather than your Cisco router?

Last edited by tolstoy; 10-24-2005 at 08:30 PM.
 
Old 10-25-2005, 07:42 AM   #4
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
My Linux box is sitting on a port in Switch 2.


And no, I haven't told the DHCP server to hand out the IP of the Linux box, although I have tried testing it with a client and explicitly setting the default gateway to the Linux box and it didn't work. In fact the client I tested on didn't get internet at all. They get the standard Windows "Page Cannot be Displayed".

However, I know the proxy works because if I set the proxy settings in IE to the Linux box with port 3128 it works great.

I do not want to change the DHCP settings for the simple reason that I want failover. If the Linux box stops responding I'm screwed.
I also do not want to change the config in my Cisco router as I do not have admin rights to that box.

Can this still be done with my harsh requirements???
 
Old 10-25-2005, 08:01 AM   #5
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
Oh, and I forgot to mention: when I set up that test client with the default gateway nothing really worked. The firewall is turned off but I may not have the Linux router working. Although that is prolly not installed, and that's probably the reason why file sharing wasn't working. The box is Fedora Core 4 and it was mainly config'd to install Squid (which it does by default I think)....man I need to get away from Windows Servers.
 
Old 10-25-2005, 09:26 AM   #6
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
tolstoy := Ok, I just tried setting my test client with the gateway IP (again) of the Linux box and it works...my transparent proxy is working. I must have been rushing and messed up on the IPs.


Ok, now here's the problem: if my clients use that new gateway they cannot access anything on a different subnet. We have two other locations that we use various services for and I cannot ping them; I can however ping all clients on my subnet.

How do I fix that??

Also, is there any other way to make my clients use the proxy server for HTTP requests without setting it in DHCP??

Because now all traffic is going through that Linux box and I would just prefer it to be port 80 traffic.

Thanks.
 
Old 10-25-2005, 09:30 PM   #7
tolstoy
LQ Newbie
 
Registered: Dec 2004
Posts: 10

Rep: Reputation: 0
You can force them to use the proxy, without setting it in DHCP, by setting up their proxy settings in whatever web browser you are using. This will allow you to still utilize your router as your default gateway. However, in doing this, you are no longer truly using a transparent proxy, and are making it a regular old proxy. If you go this route, you might as well just point your clients to the Squid port, rather than port 80. However, if you want to set your Linux box up as your default gateway, you will need to set up routing tables in it for all your remote subnets.

Last edited by tolstoy; 10-25-2005 at 09:32 PM.
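
The gateway-side setup discussed in the posts above (port 80 redirected to Squid on 3128, the Linux box forwarding as a router, and routes for the remote subnets), sketched as an added example that is not part of any post in this thread. The interface name, every address and the choice of the Cisco router as next hop are constructed assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are constructed
# placeholders; replace them with the real interface and addresses.
LAN_IF="eth0"                              # interface facing the clients (assumption)
LAN_NET="192.168.1.0/24"                   # client subnet (assumption)
SQUID_PORT="3128"                          # Squid's default port, as in the thread
NEXT_HOP="192.168.1.1"                     # existing Cisco router (assumption)
REMOTE_NETS="10.10.0.0/16 10.20.0.0/16"    # the two other locations (assumption)

# Print the commands instead of executing them. To apply after review,
# run as root:  plan_gateway | sh
plan_gateway() {
    # 1. A default gateway must forward packets; with this off, clients
    #    pointed at the box reach nothing beyond it.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # 2. Intercept HTTP only when it arrives on the LAN interface from the
    #    client subnet, so the redirect cannot be used from other networks
    #    and every non-HTTP packet is simply routed.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"

    # 3. One static route per remote subnet, handed to the router that
    #    already knows how to reach the other locations.
    for net in $REMOTE_NETS; do
        echo "ip route add $net via $NEXT_HOP dev $LAN_IF"
    done
}

plan_gateway
```

The sysctl setting and the iptables rule do not survive a reboot on their own; they need to be saved through the distribution's usual mechanism.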
 
Old 10-25-2005, 10:06 PM   #8
chimcanhcut
LQ Newbie
 
Registered: Sep 2003
Posts: 2

Rep: Reputation: 0
Hi everyone! Help me!
I have installed and configured Red Hat Enterprise AS 4.0 to use a Squid proxy server for many workstations in my company! I started the Squid server with no problem, but at the user workstation no proxy transmitpass -> I don't using proxy server presen.

Thanks everyone!
I am waiting for every answer from ...!!
 
Old 10-26-2005, 08:09 AM   #9
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
Thanks tolstoy - so basically my options are limited: either go with setting the proxy server in the browser, although the trouble with that is we have a lot of remote users. As soon as they try to access the internet outside of the company LAN they are screwed.

Or setting it in the DHCP config.
Which is basically saying my Linux box is the router for my LAN.

Man this sucks...
 
Old 10-26-2005, 08:44 AM   #10
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
What about making my Cisco 1700 series router forward port 80 packets to the proxy? How would you stop a continual loop? Does it allow for fail-over? For example:

Cisco - Incoming port 80 request from client
Rule 1: Forward this packet to Proxy
Rule 2: If I couldn't FWD this packet to proxy, route out to Internet.

This way it's forcing clients to go through the proxy, and if the proxy server dies we still have a backup plan. Plus all other traffic (other than port 80) doesn't even touch the proxy server.

There's one small problem ...... I don't have a clue on how to make that happen.

Help???
 
  



All times are GMT -5. The time now is 11:50 PM.
