LinuxQuestions.org
Old 06-09-2008, 09:10 PM   #1
cksoo
LQ Newbie
 
Registered: Sep 2005
Posts: 19

Rep: Reputation: 0
Squid transparent proxy with iptables


Hi,

I just set up a Squid transparent proxy with iptables; however, when I check the log I found that all the proxy traffic will just take down the IP for iptables, not the original traffic which comes from the client's IP address.

May I know how I can overcome this problem so that my proxy log will show the original IP that traffic comes from instead of the IP address for the iptables box?

Thanks.
 
Old 06-12-2008, 12:33 AM   #2
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
I use a combination of transparent squid, sarg and webmin to log my squid clients. Try sarg.
 
Old 06-12-2008, 04:31 AM   #3
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
Well, I think you're missing an option somewhere.

Standard squid transparent proxy here (no "plugins"/redirectors installed), with iptables redirection, and I get the clients' IP in all my squid logs.

I'd check that you have the right options installed for transparent proxying in squid.conf and that you are using a fairly recent version.
 
Old 06-12-2008, 04:37 AM   #4
dbmacartney
Member
 
Registered: Mar 2007
Location: London, UK
Distribution: Debian, Red Hat Enterprise, Fedora
Posts: 70

Rep: Reputation: 15
Just so I am understanding this correctly: your clients browse the internet like the below text diagram?

client>>>>Transparent Proxy(iptables redirects 80 to 8080 to be logged by squid) >>> internet gateway/modem


If this is the case, what rule are you using in iptables to redirect port 80? You will need to add a prerouting DNAT rule so that the source IP information is maintained. A normal redirect rule will change the packet header so that the packet will appear to be coming from the transparent proxy and not the requesting client, in this situation.
 
Old 06-12-2008, 04:48 AM   #5
dbmacartney
Member
 
Registered: Mar 2007
Location: London, UK
Distribution: Debian, Red Hat Enterprise, Fedora
Posts: 70

Rep: Reputation: 15
Further to my previous post, the below rule should be what you are after. However, I don't have a box I can confirm this on available at the moment. I hope it helps anyway.


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

eth0 is the interface accepting the requests from your network.
80 is the port for standard http traffic from your clients.
8080 is the port that is configured for squid, unless you have changed it to something else to suit your environment.
 
Old 06-12-2008, 04:53 AM   #6
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
Quote:
Originally Posted by dbmacartney
You will need to add a prerouting DNAT rule so that the source IP information is maintained. A normal redirect rule will change the packet header so that the packet will appear to be coming from the transparent proxy and not the requesting client, in this situation.
Mmm. Okay, I don't know what the original poster has but I'm not sure this is 100% true.

I have a basic transparent proxy running into a couple of places and one in particular that I can access at the moment - it's a long time since I set this system up and I have only sparse access to it (it's a production server for a school) but I *don't* have DNAT rules, only REDIRECTs on my particular setup, although I don't doubt that they may have an effect in some configurations.

However, I do seem to have Squid 3.0STABLE1, which may make a difference, and "transparent" on the http_port line. I don't ever remember doing anything specific to make logging of IPs work on any version of squid I've used to do transparent proxying.
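
A log check for the symptom discussed in this thread, as an added example that is not part of any post: it counts requests per client address in Squid's native access.log format and reports whether one address (the iptables box) accounts for nearly all of them. The sample log lines, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Squid native access.log fields:
#   time elapsed client action/code bytes method URL ident hierarchy/peer type
# Field 3 is the client address Squid saw on the intercepted connection.

# Constructed sample: every request appears to come from the gateway.
sample_masked() {
cat <<'EOF'
1213060201.101    120 192.168.1.1 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1213060202.310     85 192.168.1.1 TCP_MISS/200 2048 GET http://example.com/a.css - DIRECT/192.0.2.10 text/css
1213060203.522     12 192.168.1.1 TCP_HIT/200 2048 GET http://example.com/a.css - NONE/- text/css
1213060204.730    140 192.168.1.1 TCP_MISS/404 512 GET http://example.com/x - DIRECT/192.0.2.10 text/html
EOF
}

# Constructed sample: real client addresses are preserved.
sample_healthy() {
cat <<'EOF'
1213060201.101    120 192.168.1.21 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1213060202.310     85 192.168.1.22 TCP_MISS/200 2048 GET http://example.com/a.css - DIRECT/192.0.2.10 text/css
1213060203.522     12 192.168.1.21 TCP_HIT/200 2048 GET http://example.com/a.css - NONE/- text/css
1213060204.730    140 192.168.1.23 TCP_MISS/404 512 GET http://example.com/x - DIRECT/192.0.2.10 text/html
EOF
}

# Read a log on stdin; print "count address" per client, busiest first.
clients_by_requests() {
    awk 'NF >= 7 { n[$3]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Read a log on stdin; succeed when address $1 made at least $2 percent
# (default 90) of all requests, i.e. client addresses are being masked.
gateway_dominates() {
    awk -v gw="$1" -v pct="${2:-90}" '
        NF >= 7 { total++; if ($3 == gw) hits++ }
        END { exit !(total > 0 && hits * 100 >= pct * total) }'
}

# Demo on the constructed samples; on a real box, feed the functions
# your own access.log and the address of your iptables machine.
for s in sample_masked sample_healthy; do
    echo "== $s"; $s | clients_by_requests
    if $s | gateway_dominates 192.168.1.1; then
        echo "client addresses masked by 192.168.1.1"
    else
        echo "client addresses preserved"
    fi
done
```
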
 
  

