For a project I want to run a Squid (proxy server).
I use CentOS7.
This server becomes a transparent proxy server. So: incoming and outgoing port is port 80. This server therefore only has a cache (2000 Mb) function of many visited sites.
The internet traffic from the workstation must go via the proxy server.
How do I configure this?
What have you done/tried so far?? There are MANY how-to guides on how to install and configure Squid on CentOS...which ones have you read and where are you stuck?? We're happy to help, but you need to read the "Question Guidelines" link in my posting signature; doing basic research should be done before posting. Putting "how to configure squid as transparent proxy" into Google pulls up what you need.
We can help with specific questions, but please don't ask us to look up guides for you.
What's getting wrong, is somebody able to help me??
Again:
What HAVE YOU DONE so far???
What guides/tutorials did you follow??
And don't post screen-shots, but put the text in CODE blocks, so people can actually read it. AGAIN, there are MANY tutorials you can find, and I even GAVE YOU a search term in my first reply, that pulls up an exact tutorial as the VERY FIRST HIT. And if you went on to search for how to configure the squid cache size, you could find that too.
We are happy to HELP you, but you have to actually provide details and information when asked.
The proxy server is working if we set it manually on our Windows clients, but our project says it has to be transparent.
We are using iptables as our firewall. Our Linux server has 2 NICs. One connected to the internet (ens33) and one connected to the LAN (10.3.10.2).
We need to port-forward traffic coming in on the LAN NIC port 80 to 3128 (squid port).
We tried a lot of iptables rules. A few you can see below:
```sh
# squid server IP
SQUID_SERVER="10.3.10.2"
# Interface connected to Internet
INTERNET="ens33"
# Interface connected to LAN
LAN_IN="ens37"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j accept
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i ens33 -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface ens33 -j MASQUARDE
iptables --append FORWARD --in-interface ens37 -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i ens37 -j ACCEPT
iptables -A OUTPUT -o ens37 -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 (3128) aka transparent proxy
iptables -t nat -A PREROUTING -i ens37 -p tcp --dport 80 -j DNAT --to 10.3.10.2:3128
# if it is same system
iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT --to-port 3128
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
```
Which give the following errors:
```
iptables: Bad policy name. Run `dmesg' for more information.
iptables: Bad policy name. Run `dmesg' for more information.
iptables v1.4.21: Invalid target name `ACCEPT
'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: Invalid target name `ACCEPT
'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: Invalid target name `ACCEPT
'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: Invalid target name `MASQUARDE
```
Ok, so **AGAIN**:
Post things in CODE tags, so they can be read easily
Which tutorials did you follow????
Did you actually *DO* anything that the system told you?? Look at iptables -h? Run dmesg?
Did you, AGAIN, put the exact search-term in that I gave you already, and READ THE LINKS??? AGAIN, the first link has a complete set of iptables rules, along with other instructions.
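The quoted errors, where the closing quote lands on the line after `ACCEPT`, are consistent with a script saved with Windows (CRLF) line endings, and `accept` and `MASQUARDE` are not valid target names. The sketch below is an added example, not part of the original posts: a read-only linter for such a script, with the function names, the finding codes and the three-line sample all constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only checks for an iptables shell script.
# It never runs iptables and never changes the firewall.
CR=$(printf '\r')
# Targets accepted without comment (built-ins and common extensions, not exhaustive).
KNOWN="ACCEPT DROP RETURN QUEUE LOG REJECT MASQUERADE DNAT SNAT REDIRECT"

# check_word LINE_NO WORD ALLOWED: print a finding if WORD is not in ALLOWED.
check_word() {
    case " $3 " in *" $2 "*) return 0 ;; esac
    upper=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case " $3 " in
        *" $upper "*) echo "$1:CASE:'$2' must be written '$upper'" ;;
        *) echo "$1:UNKNOWN:'$2' is not a known target (typo or user chain?)" ;;
    esac
}

# lint_iptables_script FILE: print "<line>:<code>:<detail>" per finding.
lint_iptables_script() {
    file=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *"$CR")
                echo "$n:CRLF:line ends in a carriage return"
                line=${line%"$CR"} ;;
        esac
        case $line in iptables\ *) ;; *) continue ;; esac
        set -f; set -- $line; set +f   # split into words without globbing
        prev=; prev2=
        for word in "$@"; do
            case "$prev" in -j|--jump) check_word "$n" "$word" "$KNOWN" ;; esac
            case "$prev2" in -P|--policy) check_word "$n" "$word" "ACCEPT DROP" ;; esac
            prev2=$prev; prev=$word
        done
    done < "$file"
}

# Constructed sample in the style of the posted script, saved with CRLF endings.
sample_script() {
    printf 'iptables -P INPUT DROP\r\n'
    printf 'iptables -A INPUT -i lo -j accept\r\n'
    printf 'iptables -t nat -A POSTROUTING -o ens33 -j MASQUARDE\r\n'
}

tmp=$(mktemp) && sample_script > "$tmp" && lint_iptables_script "$tmp"
rm -f "$tmp"
```

Findings coded `CRLF` go away once the file is converted to Unix line endings, for example with `dos2unix`. Because the posted script flushes every chain and sets the INPUT policy to DROP before its first ACCEPT rule, a run that fails partway leaves the firewall half-configured, so linting before running is worth the step.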