OK, the problem is that when I do not set the proxy setting in the browser of PC2 (since it is a transparent proxy), PC1's eth1 does not receive any packets when browsing. I have analysed this via tcpdump and Wireshark. I do not even receive any packets on PC2's eth1 when browsing the web on PC2. But when I set the proxy setting in the browser, both interfaces receive packets, but that is not part of a transparent proxy. I have attached squid.conf. Kindly help, thanks.
Well, if the issue is when you aren't setting a proxy redirect on the server and no port 80 traffic even leaves the client, then you should realize that this couldn't possibly be anything to do with Squid at all. The main difference is that the client system would be doing the DNS resolution instead of the server, so maybe it's a DNS issue.
Yes, I think I am near a solution now, but it is still not resolved. What I did: I defined the client's gateway as 192.168.2.18 (the squid server's eth1 on the internal network). My DNS is on the external network with IP 192.168.1.1, so I defined the client's DNS IP as 192.168.1.1. On the squid server side I enabled IP forwarding.
Now Wireshark receives packets on those interfaces, unlike before. But when I am browsing, the browser shows "server not found" on the client side.
Now the problem is that the DNS request reaches the internal network's gateway 192.168.2.18 but does not reach the DNS server 192.168.1.1 (the DNS server is actually the DSL router on the external network). My web request is unable to reach the DNS server. When I enter Google's IP (173.194.35.183) it opens the Google website, but when I enter www.google.com, I get "server not found". Kindly help, thanks.
Well, you need to look at the network routes then. What is the architecture between your two endpoints? Are they both hanging off of the same upstream device? Can you ping the DNS server? When you say it's not reaching it, do you really mean that, or do you just know there is no *reply*? With these hokey little LANs a common issue is that there are no return routes back to the internal network, often requiring static internal routes to be added to the DSL router's routing table. This doesn't sit very well with being able to reach Google itself though, unless that is due to the squid proxy getting involved and not requiring the routing to work there. Can you ping the Google IP?
No, I can't ping the DNS server 192.168.1.1 and Google's IP from client 192.168.2.111, which has gateway 192.168.2.18. The network route between these endpoints is like below
PC2 can ping both interfaces of PC1 but can't ping the DNS router.
I have also tried it by adding routes on PC2: route add -net 192.168.1.0/24 gw 192.168.2.18
But I still can't ping the DNS server and Google's IP. But PC1 can ping Google's IP and the DNS server.
I have connected another PC on the 192.168.1.0 network and gave it the IP 192.168.1.252, then pinged from client 192.168.2.111 to 192.168.1.252. Initially it was unable to ping, but I added routes on both endpoints and then I was able to receive a ping reply from 192.168.1.252 to 192.168.2.111.
But I have no access/permission to access the DSL router. I want to use the squid proxy to redirect my web requests to the DSL router (is it possible for my scenario?)
I'll say it's the return route then. The DSL router is on 192.168.1.0/24 so all hosts on that network work fine. But PC2 is on a network that the DSL router has no knowledge of. So you need to either put a route in the DSL router saying that 192.168.2.0/24 is reached via 192.168.1.18 or perform natting on PC1 so that traffic looks like it is coming from PC1 in the first place.
Mind you though... this is presuming you've enabled IP forwarding (routing) on PC1 in the first place... have you?? If not, there's not going to be any traffic moving *through* PC1, only to it and from it (which is fine for proxying). Given that your goal was transparent proxying and not routing anyway, I would probably suggest you just add a simple DNS server to PC1. dnsmasq is very simple to set up, and will pick up the DNS servers already used by PC1 upstream. Then PC2 can query PC1 for DNS on its local subnet and job's done.
Now I am successful in pinging www.google.com and the DNS server from PC2. Web browsing also works. But HTTP traffic does not pass through the squid proxy. What should I edit/add in the above iptables line so that I am unable to pass web traffic through squid proxy?
Be aware now though, that that internal machine can reach ANY external service not on port 80. E.g. a remote web proxy on port 3128 and bypass your proxy in a second.
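
The gateway setup discussed in this thread (NAT on PC1, port 80 redirected to Squid, and forwarding restricted so other ports do not bypass the proxy), as an added example that is not from any poster. It assumes eth0 is PC1's external interface and that Squid listens on 3128 as an intercept port; eth1 and 192.168.1.1 are taken from the thread, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# the gateway PC1. eth1 (LAN) and 192.168.1.1 (DNS) come from the thread;
# eth0 as the external interface and Squid on 3128 are assumptions.

# gen_ruleset LAN_IF WAN_IF DNS_IP SQUID_PORT [extra allowed TCP ports...]
gen_ruleset() {
    lan_if=$1; wan_if=$2; dns_ip=$3; squid_port=$4
    shift 4    # remaining arguments: TCP ports that may be routed directly

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# LAN port-80 traffic is handed to the local Squid instead of being routed.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# Forwarded traffic leaves with PC1's address, so the DSL router needs no
# return route to the internal subnet.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Default-deny forwarding: only what is listed below bypasses the proxy.
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -d $dns_ip -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -d $dns_ip -p tcp --dport 53 -j ACCEPT
EOF
    for port in "$@"; do
        echo "-A FORWARD -i $lan_if -o $wan_if -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Values from the thread; 443 is an example of an explicitly allowed port.
gen_ruleset eth1 eth0 192.168.1.1 3128 443
```

Check the output with `iptables-restore --test` before loading it. Every port added to the allow list is a path around Squid, so keep that list as short as the clients can tolerate.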