LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-24-2005, 12:38 PM   #1
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Rep: Reputation: 0
transparent proxy


Ok a newbe to Linux and Proxy for that matter.
I am trying to accomplish Transarent Proxy and am wondering why its not working. The sake of listing my config I have a simple question.

Currently without a proxy users access the internet via a Cisco Router which is hooked up to a dedicated T1 circuit to the internet. The gateway is IP is broadcasted to my clients via DHCP.

I have configured my linux box which is running IPTables and Squid to Listen for port 80 requests and forward them onto Port 3128, squid inturn is also set up on the default port 3128.


My users are all connected to switches which are diasy chained and the gateway (cisco Rotuer) is connected via Fiber to Another whic is linked to the clients.


Switch 1 )
Switch 2 ) --------Fiber------------Switch 4 (Cisco Router) ------Internet
Switch 3 )


For whatever reason its not picking up the port 80 requests. Do i have to explictly tell the Cisco router to bounce port 80 traffic to the proxy server?

Is there another way around that?

Thanks,
 
Old 10-24-2005, 01:42 PM   #2
zymurgist
Member
 
Registered: Jan 2003
Location: Long Island
Distribution: Redhat 8.0
Posts: 109

Rep: Reputation: 15
Where is the linux host running squid located on your diagram?
 
Old 10-24-2005, 08:29 PM   #3
tolstoy
LQ Newbie
 
Registered: Dec 2004
Posts: 10

Rep: Reputation: 0
Dumb question, but have you set your dhcp server to hand out the IP address of your linux box as being the default gateway rather than your Cisco router?

Last edited by tolstoy; 10-24-2005 at 08:30 PM.
 
Old 10-25-2005, 07:42 AM   #4
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
My Linux box is Sitting on a Port in Switch 2.


and No i havent told the DHCP server to hand out the IP of the Linux box, although i have tried testing it with a client and explicitly setting the default gateway to the Linux box and it didnt work. Infact the client i tested on didnt get internet at all. They get the standart Windows "Page Cannot be Displayed".

However i know the proxy works because if i set the Proxy settings in IE to the Linux box with port 3128 it works great.

I do not want to change the DHCP settings for the simple reason is i want failover. If the linux box stops responding im screwed.
I also do not want to change the Config in my Cisco router as i do not have admin rights to that box.

Can this still be done with my harsh requirements???
 
Old 10-25-2005, 08:01 AM   #5
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
Oh and i forgot to mention when i setup that test client with the default gateway nothing really worked. The firewall is turned off but i may not have the Linux router working. Although that is prolly not installed, and thats probably the reason why file sharing wasnt working. The box is Fedora Core 4 and it was mainly config'd to install Squid (which is does by default i think)....man i need to get away from Windows Servers.
 
Old 10-25-2005, 09:26 AM   #6
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
tolstoy := Ok i just tried setting my test client with the Gateway IP (again) of the linux and it works...my transparent proxy is working. I must have been rushing and messed up on the IP's


Ok now heres the problem, if my clients use that new Gateway they cannot access anything on a different subnet. We have two other locations that we use various services for and i cannot ping them, I can however ping all clients on my subnet.

How do i fix that??

Also is there any other way to to make my clients use the proxy server for HTTP requests without setting it in DHCP??

Because now all traffic is going through that Linux box and i would just prefer it to be port 80 traffic.

Thanks.
 
Old 10-25-2005, 09:30 PM   #7
tolstoy
LQ Newbie
 
Registered: Dec 2004
Posts: 10

Rep: Reputation: 0
You can force them to use the proxy, without setting it DHCP, by setting up their proxy settings in whatever web browser you are using. This will allow you to still utilize your router as your default gateway. However, in doing this, you are no longer truely using a transparent proxy, and are making it a regular old proxy. If you go this route, you might as well just point your clients to the squid port, rather than port 80. However, if you want to set your linux box up as your default gateway, you will need to set up routing tables in it for all your remote subnets.

Last edited by tolstoy; 10-25-2005 at 09:32 PM.
 
Old 10-25-2005, 10:06 PM   #8
chimcanhcut
LQ Newbie
 
Registered: Sep 2003
Posts: 2

Rep: Reputation: 0
Hi everyone ! yours Help me !
I have been installed and configulation a Redhat Enterprice AS 4.0 for using squid proxy server for many workstation in my company! I did started squidserver with no proplem but at the user workstation no proxy transmitpass -> I don't using proxy server presen.

Thanks everyone !
I waiting for every answer form ...!!
 
Old 10-26-2005, 08:09 AM   #9
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
Thanks tolstoy - so basically my options are limited, either go with setting the proxy server in the browser, although the trouble with that is we have alot of remote users. As soon as they try to access the internet outside of the company LAN they are screwed.

Or setting it in the DHCP config.
Which is basically saying my Linux box is the router for my LAN.

Man this sucks...
 
Old 10-26-2005, 08:44 AM   #10
mattsthe2
LQ Newbie
 
Registered: Oct 2005
Posts: 14

Original Poster
Rep: Reputation: 0
What about making my Cisco 1700 series router forward port 80 packets to the Proxy? How would you stop a continual loop? Does it allow for fail-over for example

Cisco - Incoming port 80 request from client
Rule 1: Forward this packet to Proxy
Rule 2: If i couldn't FWD this packet to proxy route out to Internet.

This way its forcing clients to go through the proxy and and if the proxy server dies we still have a backup plan. Plus all other traffic (other than Port 80) doesn't even touch the proxy server.

Theres one small problem ...... I don't have a clue on how to make that happen.

Help???
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to transparent proxy depam Linux - Software 3 12-30-2005 12:33 PM
Transparent Proxy krock923 Linux - Networking 1 04-28-2005 06:43 PM
Apache Transparent Proxy ? ivanp Linux - Networking 0 04-22-2005 05:11 AM
Transparent Proxy ilnli Linux - Networking 3 10-18-2004 06:01 PM
Transparent Proxy vinhhv Linux - Networking 0 07-23-2003 01:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration