I'm not sure what the REDIRECT statement is for. Is eth0 your inside network address? And the DNAT entry uses eth1, which is confusing to me.
A transparent proxy would mean from eth0 (inside) to eth1 (outside interface) where in PREROUTING, coming in from eth0 should be DNAT to port 3128, which you do (on eth1 that is).
Then ppp0 is the device you need to use in your iptables, as eth0 is just the carrier to facilitate ppp0. ppp0 is the actual internet connection (to be verified that ppp0 obtains a public IP address once connected, and not eth0).
A 1. Why 'acl all' instead of 'acl lan' as mentioned in the tutorial? - I don't imply this is an issue though.
B 2. I still don't understand why to redirect traffic coming from the Internet, with dport 80 (as stated in the tutorial), as you are not running your own web server with this configuration, but okay: it should be about connection ppp0, not eth0. I think this is in error. I think you need either the DNAT, OR the REDIRECT statement, as REDIRECT effectively is the same as DNAT to localhost (the REDIRECT should have the interface of the local lan (-i eth1) instead of the internet interface, though).
B 3. I would suggest using the INPUT chain, to be selective on which interface it applies. I suggest you include '-i eth1' in the statement to specify it has to come from the local network. Also, the port 3128 won't be accessed by the client, rather port 80. So open up port 80 and not 3128.
As http://www.karlrupp.net/en/computer/...t-proxy-en.gif shows, you need to open port 80 on the INPUT chain on the eth1 interface (your local lan), and not port 3128. Port 3128 is not accessed through the process of 'transparent proxying'.
I assume you don't configure a proxy on the client and that you are connecting to HTTP, not HTTPS.
For more reading on the differences in DNAT and REDIRECT, you could check http://www.karlrupp.net/en/computer/nat_tutorial, which I found while looking up your issue, and getting familiar with REDIRECT at all, coz I didn't know that target yet.
Please let me know if you still are unable to get this to work.
Last edited by rhoekstra; 01-10-2014 at 08:46 AM.
Reason: Open port 80 instead of 3128 (B 3)
I haven't checked this myself; it is what I found on the internet combined with my expertise. What I mean is when I missed an aspect, it's because I haven't actually verified this configuration.
Next to all this, consider using transparent proxy settings through the PAC standard, which about all browsers support these days, if not all.
To read about this, check http://en.m.wikipedia.org/wiki/Proxy_auto-config for a good start on the subject.
This is more flexible and incorporates automatic configuration of a browser, so a user doesn't need to know a thing, yet you can tell the browser to use the proxy. Plus you can make browsers behave differently based on the URL they are trying to request, should this be necessary.
Both ways should work, but I would definitely recommend going the PAC method.
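The PAC approach recommended in the post above, as an added example that is not part of the original thread: a `proxy.pac` that sends plain HTTP to Squid and everything else direct. The proxy address 192.168.1.1 and the LAN range 192.168.1.0/24 are assumptions; browsers also ship PAC helpers such as `isInNet()`, but the example uses plain JavaScript so it runs outside a browser too.

```javascript
// Added example proxy.pac. 192.168.1.1 and 192.168.1.0/24 are assumed values;
// 3128 is the Squid port named in the thread.
var PROXY = "PROXY 192.168.1.1:3128";

// Convert a dotted-quad IPv4 literal to an unsigned integer, or null if invalid.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True if host is an IPv4 literal inside base/prefixLen.
function inCidr(host, base, prefixLen) {
  var h = ipv4ToInt(host), b = ipv4ToInt(base);
  if (h === null || b === null) return false;
  var size = Math.pow(2, 32 - prefixLen);
  return Math.floor(h / size) === Math.floor(b / size);
}

// Entry point that a PAC-aware browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Names without a dot (IPv6 literals also land here) and loopback stay direct.
  if (host.indexOf(".") === -1 || inCidr(host, "127.0.0.0", 8)) return "DIRECT";
  // Hosts on the assumed LAN range are reached without the proxy.
  if (inCidr(host, "192.168.1.0", 24)) return "DIRECT";
  // Plain HTTP goes to Squid, matching the port-80 interception in the thread.
  // No "; DIRECT" fallback: if Squid is down, requests fail instead of bypassing it.
  if (url.substring(0, 5) === "http:") return PROXY;
  // HTTPS and other schemes are not proxied in this sketch.
  return "DIRECT";
}
```

Browsers pick the file up from the "automatic proxy configuration URL" setting or via WPAD; it should be served with the MIME type `application/x-ns-proxy-autoconfig`.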
Now please tell me the steps to configure a transparent proxy, so that we need not set a proxy in my browser.
Please guide me.
Once again, as you've been told MANY TIMES..THERE ARE NOT JUST SIRS ON THIS SITE...starting every thread with "Sir" isn't too smart. And neither is bumping your own thread with "Dear All I did not get any response yet."...you've also been asked several times to not bump your own threads.
Dear TB0ne
Thanks for your reply. But let me tell you one thing: please stop answering me, because whatever you replied earlier did not work for me. So please let other experts guide me.
And just saying "did not work for me" tells us NOTHING...you don't say what you tried, what the results were, etc. You have not shown ANY EFFORT to do anything on your own, or where you got stuck. Again, saying "does not work", or "cannot connect to internet", gives ZERO DETAILS. Anything from the log files? Any client side info? What browser(s) have you tried? How do you configure them? As said to you MANY TIMES: without details, there's little anyone can help you with.
The guide you posted is VERY clear, and has step-by-step directions. If you still, after several years, can't follow step-by-step directions with examples, there's not much anyone can help you with.
AGAIN:
You have been apparently working with squid for YEARS...have you not learned ANYTHING at this point??
Can you not look up ANY of the thousands of easily-found how to guides on your own?
You keep bumping your own threads, after you've been told not to MANY times
You keep starting EVERY THREAD with "Sir"...even after being asked about THAT many times
What if someone asks you about an issue with no information about it and still wants you to help?
Or if you gave them lots of ideas of how to fix it and they again come back and say it won't work, so you stop helping?
Here's what I do raise while referring to your post:
You gave the config info but no info on how you came to the conclusion that it's not working.
What did you see and where, what logs did you refer to?
Dear rhoekstra
Please let me know whether I can use a dialup connection (adsl-start) to connect to the internet or whether I have to use a direct connection for the transparent proxy.
...and you STILL don't tell us what's not working, what symptoms, or answer ANY questions about your setup. If you're not going to provide details, then why bother posting a question? Hire someone to fix your problem, and you won't have to tell them anything.
But if you want help from the community, you're going to have to show effort of your own, and engage in the conversation.