LinuxQuestions.org
Old 10-12-2008, 10:29 PM   #1
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Rep: Reputation: 18
Problems with Squid on a DMZ


Hello.

I installed Squid Cache: Version 2.7.STABLE3 on Lenny, which is on a box in a DMZ. This is the network:


internet -------------- FIREWALL / iptables ----------- LAN
|
|
DMZ

I would like all http traffic from the LAN cached on the box in the DMZ. I set the Squid server as:

# Port Squid listens on
http_port 192.168.3.100:3128 transparent

# Access-lists (ACLs) will permit or deny hosts to access the proxy
acl lan-access src 192.168.2.0/255.255.255.0
acl lan-access src 192.168.3.0/255.255.255.0
acl localhost src 127.0.0.1
acl all src 0.0.0.0/0.0.0.0


# Access rule
http_access allow localhost
http_access allow lan-access
http_access deny all

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

cache_dir ufs /var/log/squid/cache 5000 16 256


I have this set in the firewall:

iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp \
--dport 80 -j DNAT --to-destination $SQUID_SERVER:3128


But I can't get the traffic forwarded to the DMZ.

Is the Squid configuration correct?
Do I need to add another chain to the firewall?
 
Old 10-12-2008, 10:35 PM   #2
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Original Poster
Rep: Reputation: 18
The DMZ goes underneath the firewall.
 
Old 10-13-2008, 07:31 AM   #3
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Original Poster
Rep: Reputation: 18
Problem solved. I forgot to add the forward chain. Here's the solution:

echo "%%% Transparent Proxy %%%"
iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp \
--dport 80 -j DNAT --to-destination $HTTP_SERVER:3128

iptables -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -p tcp \
-s $LAN_ADDRESSES --sport $UNPRIVPORTS -d $HTTP_SERVER --dport 3128 \
-m state --state NEW -j ACCEPT
echo "... Done Transparent Proxy ..."
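
An added example, not part of the thread or the poster's firewall script: a small Python check that reads `iptables-save` output and reports every DNAT target that no FORWARD rule accepts, which is the gap post #3 describes. The two dumps, the interface names (eth1, eth2) and the DROP policy on FORWARD are constructed assumptions; only plain address, port and state matches are evaluated.

```python
import ipaddress
import shlex

# Constructed iptables-save dumps (not from the thread); eth1/eth2 and the
# FORWARD policy of DROP are assumptions standing in for the poster's setup.
NAT = ("*nat\n-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 "
       "-j DNAT --to-destination 192.168.3.100:3128\nCOMMIT\n")
FILTER = ("*filter\n:FORWARD DROP [0:0]\n"
          "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n")
FIX = ("-A FORWARD -s 192.168.2.0/24 -d 192.168.3.100/32 -i eth1 -o eth2 -p tcp "
       "-m tcp --sport 1024:65535 --dport 3128 -m state --state NEW -j ACCEPT\n")
BROKEN, FIXED = NAT + FILTER + "COMMIT\n", NAT + FILTER + FIX + "COMMIT\n"

def parse(dump):
    """Turn each '-A' line into a dict of option -> value, tagged with table/chain."""
    table, rules = None, []
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"table": table, "chain": tok[1], "negated": "!" in tok}
            for opt, val in zip(tok[2:], tok[3:] + [""]):
                if opt.startswith("-"):
                    rule[opt] = "" if val.startswith("-") else val
            rules.append(rule)
    return rules

def covers(rule, ip, port):
    """Does this filter/FORWARD rule ACCEPT a new TCP connection to ip:port?
    Simplification: interface, source, multiport and user chains are not evaluated."""
    states = rule.get("--state") or rule.get("--ctstate") or "NEW"
    dst = rule.get("-d", "0.0.0.0/0")
    lo, sep, hi = rule.get("--dport", "0:65535").partition(":")
    return (rule["table"] == "filter" and rule["chain"] == "FORWARD"
            and rule.get("-j") == "ACCEPT" and not rule["negated"]
            and rule.get("-p", "tcp") in ("tcp", "all") and "NEW" in states.split(",")
            and int(lo) <= port <= int(hi if sep else lo)
            and ipaddress.ip_address(ip) in ipaddress.ip_network(dst, strict=False))

def unforwarded(dump):
    """List DNAT targets (ip, port) that no FORWARD rule lets through."""
    rules, missing = parse(dump), []
    for r in rules:
        if r["table"] == "nat" and r.get("-j") == "DNAT":
            ip, _, port = r["--to-destination"].partition(":")
            port = int(port or r.get("--dport", "0").split(":")[0])
            if not any(covers(f, ip, port) for f in rules):
                missing.append((ip, port))
    return missing
```

Calling `unforwarded(BROKEN)` flags the Squid address and port, while `unforwarded(FIXED)` returns an empty list; on a live firewall the input would be the text of `iptables-save`.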
 
  

