12-06-2008, 03:26 PM
|
#1
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Rep:
|
3 local IPs, one remote proxy server to browse internet!
Hi all,
I have a device (A) in my local network bound to 192.168.1.200.
Another device (B) in my local network has two network interfaces,
one bound to 192.168.1.100 (B1) and another one bound to
192.168.1.150 (B2). (Both IPs are in one NAT.)
An internet gateway bound to 192.168.1.1 (C).
A remote server (D) with IP w.x.y.z.
And a destination host to send requests to (E).
I installed squid on D and iptables on B.
B1 is the gateway of A, and B is routing its packets through C by B2.
Now, I want to send requests from A to E through D.
---------------- B ---------------------------------------------
A ----> | B1 ----> B2 | -----> C -----> D (squid) -----> E
------------------------------------------------------------------
And have full access to B and D.
Really need your help.
Thanks for your further replies.
Last edited by omidm; 12-06-2008 at 03:29 PM.
|
|
|
12-07-2008, 09:12 AM
|
#2
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
Ok looks fine, but what's the question? Which bit are you having problems with?
|
|
|
12-07-2008, 01:46 PM
|
#3
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
Thanks.
Quote:
Now, I want to send requests from A to E through D.
|
How can I do this?
Which rules should I add to iptables?
Is there any special configuration for squid?
Thanks again.
|
|
|
12-07-2008, 07:37 PM
|
#4
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
Which of these are Linux boxes?
Are B1 and B2 on the same network card or different ones?
* add SNAT on B2, default route should be C
* enable ip forwarding on C
* Add an ACL in the squid.conf of D to allow C to use it.
|
|
|
12-08-2008, 12:33 AM
|
#5
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
All devices are Linux.
B1 and B2 could be on the same or different network cards. Both are possible. Right now I have a wired and a wireless network card, but both of them are in one network. (192.168.1.1/24)
I wrote a lot of rules already and was not successful. If it is possible, could you please write the iptables rules for me? (eth0 is B1 and ath0 is B2)
Thanks.
|
|
|
12-08-2008, 12:38 AM
|
#6
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
Sorry, forgot to say:
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without the remote proxy (D). My main problem is D.
|
|
|
12-08-2008, 01:14 AM
|
#7
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
Quote:
Originally Posted by omidm
Sorry, forgot to say:
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without the remote proxy (D). My main problem is D.
|
How are you connecting from A to D, is it via the browser's proxy settings?
Can you telnet from A to D (using the squid port)?
|
|
|
12-08-2008, 01:41 AM
|
#8
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
Quote:
How are you connecting from A to D, is it via the browser's proxy settings?
|
That is my problem.
I already connected from A to E, but not from D. (A->B1->B2->C->E)
Quote:
Can you telnet from A to D (using the squid port)?
|
No, I cannot, but I can browse the internet!
Last edited by omidm; 12-08-2008 at 01:48 AM.
|
|
|
12-08-2008, 01:46 AM
|
#9
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
Can you telnet to D (using the squid port) from B2 or C?
|
|
|
12-08-2008, 01:56 AM
|
#10
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
Sorry, squid server went down, now I access it from A, B1 and C.
And still I want to chain A, B, C, D and E
|
|
|
12-08-2008, 02:04 AM
|
#11
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
So it's ok now?
If not, you need to say where you're up to and which bit isn't connected.
|
|
|
12-08-2008, 02:10 AM
|
#12
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
No, it isn't.
Now I can access the internet from A, but not through D (the proxy server).
There are only rules to forward packets from B1 to B2 to browse the internet (but not through D).
I should filter packets in B, because I don't have full access to A. (A is a hand-held device on which I can only change the network interface IPs.)
|
|
|
12-08-2008, 02:34 AM
|
#13
|
Member
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466
Rep:
|
If you can't change the proxy that A uses, you'll need to set up B to do transparent proxying...
iptables -t nat -A PREROUTING -p tcp -d E --dport 80 -j DNAT --to D:3128
If E is not on port 80, change the above.
And squid needs to be set up as a transparent proxy too...
http://tldp.org/HOWTO/TransparentProxy-4.html
|
|
|
12-08-2008, 02:59 AM
|
#14
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
Thanks.
It returned an error in A.
"The requested URL could not be retrieved"
In squid log file:
"GET error:invalid-request HTTP/0.0" 400 2091 "-" "-" TCP_DENIED:NONE"
And I sniffed the packets in B with Wireshark (capitalized words replaced by me!):
GET / HTTP/1.1
Host: HOSTNAME
Accept-Encoding: gzip
Accept-Language: en-US
Cache-Control: max-age=0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: AGENT
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
cookie: COOKIE
In the squid reply I get:
X-Squid-Error: ERR_INVALID_REQ 0
and Wireshark finds this request a SYN request and I don't have any HTTP GET request!
|
|
|
12-08-2008, 03:02 AM
|
#15
|
LQ Newbie
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14
Original Poster
Rep:
|
In the above post, the line breaks between the HTTP headers (\r\n) were added here by the forum engine!
|
|
|
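Added example, not part of the thread: the capture in post #14 shows an origin-form request (`GET /` plus a `Host:` header), the form a client sends when it does not know a proxy is in the path, which is why post #13 says squid has to be set up as a transparent proxy as well. The Python sketch below contrasts that form with the absolute-form a configured proxy receives and shows the URL reconstruction an intercepting proxy must perform; the sample requests, hostname and function names are constructed for illustration, and this is a simplified model rather than squid's own parser.

```python
# Added illustration, not from the thread. A simplified model of request-target
# handling, not squid's parser. Both sample requests are constructed.
REDIRECTED = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
              b"Accept-Encoding: gzip\r\n\r\n")          # client unaware of a proxy
CONFIGURED = (b"GET http://www.example.com/ HTTP/1.1\r\n"
              b"Host: www.example.com\r\n\r\n")          # proxy set in the browser

def parse_head(raw: bytes):
    """Split a raw request head into (method, target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def target_form(target: str) -> str:
    """Classify the request-target the way HTTP/1.1 names its forms."""
    if target == "*":
        return "asterisk-form"
    if target.startswith("/"):
        return "origin-form"       # path only: sent to a presumed origin server
    if "://" in target:
        return "absolute-form"     # full URL: sent to an explicitly configured proxy
    return "authority-form"        # host:port, used with CONNECT

def explicit_proxy_form_ok(raw: bytes) -> bool:
    """True if the request has the shape a non-intercepting proxy port expects."""
    method, target, _ = parse_head(raw)
    form = target_form(target)
    return form == "absolute-form" or (method == "CONNECT" and form == "authority-form")

def intercept_url(raw: bytes, scheme: str = "http") -> str:
    """Rebuild the URL as an interception-mode proxy has to. After DNAT on
    another machine the original destination IP is gone, so Host is all it has."""
    _, target, headers = parse_head(raw)
    if target_form(target) != "origin-form":
        raise ValueError("not an origin-form request")
    host = headers.get("host")
    if not host:
        raise ValueError("no Host header: destination cannot be reconstructed")
    return f"{scheme}://{host}{target}"

if __name__ == "__main__":
    for name, req in (("redirected", REDIRECTED), ("configured", CONFIGURED)):
        print(name, target_form(parse_head(req)[1]), explicit_proxy_form_ok(req))
    print(intercept_url(REDIRECTED))
```

Because the rebuilt URL depends entirely on a client-supplied `Host` header, the ACL on D is what actually limits who can use the proxy and for which destinations.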