LinuxQuestions.org
Old 06-03-2009, 12:40 PM   #1
myasir_genious
Member
 
Registered: May 2009
Posts: 31

Rep: Reputation: 15
Transparent Proxy in squid not functional


I am using Fedora 9. I have compiled squid from source code, and I also deleted the old RPM of squid. I then edited squid.conf in /usr/local/squid/etc, set http_port 3128 transparent and allowed my local network in my acl, but the transparent proxy is not working. If I remove transparent proxy then squid works fine. When I try to make it transparent, the squid access.log file does not show any request coming to it (no activity). I have also forwarded all the incoming traffic to squid port 3128. My port forwarding script is as under:

#squid server IP
SQUID_SERVER="192.168.5.1"
# Interface connected to Internet
INTERNET="eth1"
# Interface connected to LAN
LAN_IN="eth0"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP



Can anybody tell me why my transparent proxy is not functional?
Thanks

Last edited by myasir_genious; 06-03-2009 at 12:45 PM.
 
Old 06-04-2009, 08:57 AM   #2
battletroll
Member
 
Registered: Dec 2004
Location: Alabama
Distribution: Slackware, Solaris,Fedora, CentOS, Redhat, SGI
Posts: 65

Rep: Reputation: 18
I would look at putting all rules first, then the default drop last. iptables processes in sequential order, so if it finds a drop first it drops that packet.
 
Old 06-05-2009, 06:26 AM   #3
myasir_genious
Member
 
Registered: May 2009
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by battletroll
I would look at putting all rules first, then the default drop last. iptables processes in sequential order, so if it finds a drop first it drops that packet.
I have done all that, still not working. I put the drop at the end but still the same condition.

Last edited by myasir_genious; 06-05-2009 at 06:27 AM.
 
Old 06-10-2009, 02:01 PM   #4
den64
LQ Newbie
 
Registered: Jun 2009
Posts: 1

Rep: Reputation: 0
transparent proxy in squid not functional

Hi there,

Am no expert at what you are asking, but transparent proxy using squid requires that you have tproxy support compiled in your kernel, and I think that if you're using the stock Fedora kernel it won't be there. So I think you need to apply the tproxy patch to a supported kernel and recompile it with tproxy support enabled. Then you'll need to patch iptables with a tproxy patch also. I think there are only certain versions of iptables that are supported. Am not up to date with the latest stuff out there.

That should get you started.

Am glad if I was of any help.

D.C
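
An added example, not part of any post in this thread: for the symptom in the first post (nothing in access.log once interception is on), the script below checks whether port-80 connections ever match the nat rule and whether the Squid build includes --enable-linux-netfilter, the configure option Squid's NAT interception on Linux needs. The listing text, version string and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find where intercepted port-80
# traffic stops. Sample inputs are constructed; on a live box pass the output
# of `iptables -t nat -L PREROUTING -n -v -x` and `squid -v` instead.

NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 57 packets, 4312 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.5.1:3128
       0        0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128'

SQUID_V_SAMPLE="Squid Cache: Version <constructed>
configure options:  '--prefix=/usr/local/squid'"

# Sum the packet counters of nat rules that match tcp dpt:80 on one interface.
# nat rules see only the first packet of a connection, so this counts
# connection attempts, not total packets.
port80_hits() {  # $1 = in-interface, stdin = nat listing
    awk -v ifc="$1" '
        $4 == "tcp" && $6 == ifc && /dpt:80( |$)/ { n += $1 }
        END { print n + 0 }'
}

diagnose() {  # $1 = LAN interface, $2 = nat listing, $3 = `squid -v` output
    hits=$(printf '%s\n' "$2" | port80_hits "$1")
    if [ "$hits" -eq 0 ]; then
        echo "no-hits: nothing matched the port-80 rule on $1;" \
             "check that clients route through this box and the rule is loaded"
    elif ! printf '%s\n' "$3" | grep -q -- '--enable-linux-netfilter'; then
        echo "squid-without-netfilter: $hits connections rewritten, but this" \
             "build was not configured with --enable-linux-netfilter"
    else
        echo "intercept-path-ok: $hits connections rewritten;" \
             "check the filter INPUT chain and squid.conf next"
    fi
}

diagnose eth0 "$NAT_SAMPLE" "$SQUID_V_SAMPLE"
```

A zero counter on the LAN rule while clients are browsing means the packets never reach this machine's PREROUTING chain, which matches an empty access.log.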
 
  

