LinuxQuestions.org
03-20-2017, 03:41 PM   #1
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 46

Squid conflicts Apache on port 80


Hello there!

I have Squid running OK and getting connections from external IP addresses all right, but I have now run into the following problem. The company that I work for part-time has only the 80th port open. I tried to set my Squid http_port to 80 but then it conflicts with my Apache that has web-sites hosted on the 80th port as well. Could anybody advise, please, if it's possible to create an iptables rule that will grab the incoming connection from my work's static IP address, let's say 1.1.1.1, that hits the 80th port and redirect it to my Squid's port 3128? Will that ever work? Will this re-route the traffic from only one IP address on port 80 to port 3128, leaving Apache alone and making Squid work?

Are there perhaps any other solutions to overcome only one open port (80) and making Squid work without creating any mess with Apache that functions on the same port (80) too?

I would appreciate any comments / suggestions / pointers at all! Many thanks!

Last edited by michaelk; 03-20-2017 at 04:35 PM.
 
03-21-2017, 07:26 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: Sutton, MA. USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu
Posts: 6,309
Blog Entries: 12

I'd guess that if your company has asked you to set up a web server for them that they would also support you in providing the appropriate IP ports for the use of that web server. What have they said about allowing versus dis-allowing the ports you need?
 
03-21-2017, 10:27 AM   #3
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 46

Original Poster
Appreciate your response but it looks like you did not understand a word of what I said, rtmistler ))))

It's actually quite simple, I figured it out fairly easily. It works this way:

iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Hope this will help someone out there to bypass it as well when all the other ports except for 80 are closed / blocked.

The rule above redirects the traffic that comes from the IP address of 1.1.1.1 (example) to the 80th port and sends it over to the port number 3128. Thus, you are able to set your Squid to listen to 3128 and set your proxy in a browser you are using to use the port number 80. Done! I have it working perfectly well now :-))) That's provided the source IP address in this case is static of course.
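
Seen from the network that only allows port 80, a browser pointed at a proxy on that port still sends proxy-style HTTP request lines, which differ from what a normal web server receives. The following is an added detection example, not part of the original thread: it classifies request lines taken from egress captures, and the record layout, sample addresses and function names are assumptions made for illustration.

```python
import re

# Request line: METHOD SP request-target SP HTTP-version (RFC 7230, section 3.1.1)
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")

def classify_request_line(line):
    """Return 'proxy' for forward-proxy style requests, 'origin' for ordinary
    web-server requests, 'invalid' for anything that is not a request line."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return "invalid"
    method, target = m.groups()
    if method == "CONNECT":
        return "proxy"   # tunnel request, authority-form target (host:port)
    if target.lower().startswith(("http://", "https://")):
        return "proxy"   # absolute-form target, what a browser sends to a proxy
    if target.startswith("/") or target == "*":
        return "origin"  # origin-form, or asterisk-form for OPTIONS
    return "invalid"

def proxy_destinations(records):
    """records: iterable of (src_ip, dst_ip, dst_port, request_line).
    Returns {(dst_ip, dst_port): set of src_ip} for proxy-style requests.
    Heuristic only: servers must also accept absolute-form, but ordinary
    browsers talking directly to a web site send origin-form."""
    hits = {}
    for src, dst, port, line in records:
        if classify_request_line(line) == "proxy":
            hits.setdefault((dst, port), set()).add(src)
    return hits

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    ("10.0.0.5", "203.0.113.10", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.7", "198.51.100.20", 80, "GET http://example.org/ HTTP/1.1"),
    ("10.0.0.7", "198.51.100.20", 80, "CONNECT example.net:443 HTTP/1.1"),
    ("10.0.0.9", "203.0.113.10", 80, "OPTIONS * HTTP/1.1"),
]

if __name__ == "__main__":
    for (dst, port), sources in proxy_destinations(SAMPLE).items():
        print(f"{dst}:{port} receives proxy-style requests from {sorted(sources)}")
```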
 
03-21-2017, 10:49 AM   #4
rtmistler
Moderator
 
Registered: Mar 2011
Location: Sutton, MA. USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu
Posts: 6,309
Blog Entries: 12

I understood what you wished to do and wanted to know whether or not the limitations were true technical or business decisions, and if the alternative existed to not have 3128 blocked.

Glad you found a solution. To aid future solution seekers for this type of problem, please mark the thread as solved.
 
03-22-2017, 05:05 AM   #5
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 46

Original Poster
These are most probably business 'overkill' decisions in my opinion as being that afraid to let people use company's computers is a bit ridiculous. They have absolutely everything "on passwords", "log ins", and so on and this is not a bank to have so much protection against your 'own' employees. If they are that much security concerned they could simply remove all the computers and give their staff pens and paper instead, that would be the safest. That's a matter of trust in my understanding. But honestly speaking I do not care what they do to their IT systems, all I wanted to do was to be able to connect to the internet for my personal purposes and that's it. I do not work for their IT department so they can have it the way they wish and see fit, that's none of my business.

Yep, this is solved :-))) as per my previous post's explanations. :-)))
 
03-22-2017, 01:59 PM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: Sutton, MA. USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu
Posts: 6,309
Blog Entries: 12

I would think that this company's business decisions reflect that it is their network and they are responsible for the content which is on that network, and that their further expectations are that all use of their network is for company business only and not for someone's personal networking purposes. I don't feel it is too ridiculous of a concept to have passwords on all systems and resources, and to require logins to be able to access their systems. As you well know, given that it is their network, any personal, or personal business information of yours which you pass through their networks, they can access, they can use, and they can choose to store or divulge in any manner they see fit.
 
03-22-2017, 03:10 PM   #7
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 46

Original Poster
Like I said it's up to them but when http is allowed and https is blocked is really beyond my understanding. I did not dig much into why it's being done this way and whose smart idea was that, I am only having a temp contract with them and they can have it the way they please.

Having said that it was the overkill in my opinion, I meant to say that when I worked for a bank it was less secure and they had fewer passwords and restrictions internally than this truck haulage company, where there is basically nothing as sensitive as money/gold in banks that has to be that much over-protected.

Anyway, this is not a business forum and I do not really care if the way they run it is good or bad. I am much more interested in Linux, administering it and web-developing.
 