adding firewalls nat rules
I have a CentOS 5.3 server. I want to configure it as a transparent Squid proxy server. The Internet is connected to eth0 (192.168.0.100) and the LAN is connected to eth1 (192.168.200.0/24); the eth1 IP is 192.168.200.1.
I have configured it as DHCP and Squid server, and it's working fine. Now I want to configure it as transparent, so that no one has to configure the browser manually. I just added a line
Code:
http_port 3128 transparent
to make it transparent. Now while adding NAT rules,
Code:
iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.200.1 -p tcp --dport 80 -j DNAT --to 192.168.200.1:3128
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.200.0/24 -d 192.168.200.1 -j SNAT --to 192.168.200.1
iptables -A FORWARD -s 192.168.200.0/24 -d 192.168.200.1 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -d 192.168.200.0/24 -s 192.168.200.1 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT
the Internet is totally blocked on eth1. After stopping the firewall the Internet comes back.
Hi,
Hope this helps you
Code:
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
Add the redirect rule and check.
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Now packets are coming to 192.168.0.100, but without specifying the port (3128) and IP (192.168.200.1) in the client systems, no packet is coming.
Didn't get it; what are you trying to say?
I want the packets to come to the client machine without mentioning the port (3128) and IP (192.168.200.1) in the client's browser.
What is your client's default gateway?
Also post your squid config and iptables:
Code:
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
Code:
acl manager proto cache_object
Code:
target prot opt source destination
Are you able to ping any server (ping google.com) from your client?
Where are the acl rule and http_access rule for the 192.168.200.0 network?
Add both IPs in the acl rule in squid.conf
Code:
acl mylan src 192.168.0.100 192.168.200.0/24
Code:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Code:
# iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
Also see that DNS is configured properly! Configuring a caching DNS (with BIND) will help you!
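Pulling the thread's pieces together (REDIRECT into Squid, ip_forward, default-deny INPUT/FORWARD, the ESTABLISHED,RELATED accept), here is an added example script for the asker's eth0/eth1 layout; it is not from any post in this thread. It binds the REDIRECT to the LAN interface rather than eth0, accepts the redirected connections in INPUT (where locally delivered packets actually go) instead of FORWARD, and adds MASQUERADE plus DHCP/DNS accepts, which are my assumptions for the rest of the LAN's traffic; DRY_RUN and APPLY are helpers of this example.

```shell
#!/bin/sh
# Transparent Squid firewall for the layout in this thread (added example, not
# from any post): eth0 = Internet side 192.168.0.100, eth1 = LAN side
# 192.168.200.1, LAN 192.168.200.0/24, Squid on 3128 with "transparent".
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.200.0/24"
SQUID_PORT="3128"

# DRY_RUN=1 prints each command instead of running it, so the rule set can be
# reviewed without root and without touching the live tables.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_rules() {
    # The box is the LAN's default gateway, so it must route eth1 <-> eth0.
    run sysctl -w net.ipv4.ip_forward=1
    # Empty chains, then default-deny INPUT and FORWARD (as the last reply says).
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Intercept port 80 only on the LAN interface and only from LAN addresses;
    # matching -i eth0 instead would also push Internet-side traffic into Squid.
    # REDIRECT rather than DNAT, because Squid runs on this host.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    # Redirected packets are delivered locally, so they pass INPUT, not FORWARD
    # (FORWARD rules with -i eth1 -o eth1 never see them).
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" \
        -m state --state NEW -j ACCEPT
    # The same box serves DHCP and (per the last reply) may run caching DNS;
    # DHCP DISCOVER arrives from 0.0.0.0, so no source match on port 67.
    run iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    # Non-HTTP LAN traffic (HTTPS, outside DNS) is forwarded and masqueraded
    # behind eth0; replies come back by connection state only.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# As root on the server: APPLY=1 sh transparent-squid.sh (add DRY_RUN=1 to preview).
if [ "${APPLY:-0}" = 1 ]; then apply_rules; fi
```

The firewall only decides which packets reach Squid; squid.conf still needs the acl for the LAN (as in the reply above) and a matching http_access allow line, or Squid will reject the intercepted requests.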