LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices


Reply
  Search this Thread
Old 12-06-2008, 03:26 PM   #1
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Rep: Reputation: 0
Question 3 local IPs, one remote proxy server to browse internet!


Hi all,

I have a device (A) in my local network binded to 192.168.1.200.
Another device (B) in my local network it has two network interfaces,
one binded to 192.168.1.100 (B1) and another one binded to
192.168.1.150 (B2). (both IPs are in one NAT)
An internet gateway binded to 192.168.1.1 (C)
A remote server (D) with w.x.y.z IP.
And a destination host to request to (E).

Installed a squid on D and an iptables on B.
B1 is the gateway of A and B routing its packets through C by B2.

Now, I want to send requests from A to E through D.

---------------- B ---------------------------------------------
A ----> | B1 ----> B2 | -----> C -----> D (squid) -----> E
------------------------------------------------------------------

And have full access to B and D.

Really need your help.
Thanks for your further replies.

Last edited by omidm; 12-06-2008 at 03:29 PM.
 
Old 12-07-2008, 09:12 AM   #2
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
Ok looks fine, but what's the question? Which bit are you having problems with?
 
Old 12-07-2008, 01:46 PM   #3
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
Thanks.

Quote:
Now, I want to send requests from A to E through D.
How can I do this?
Which rules should I add to iptables?
Is there any special configuration for squid?

Thanks again.
 
Old 12-07-2008, 07:37 PM   #4
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
Which one of these are linux boxes?

are B1 and B2 on the same network card or different ones?

* add SNAT on B2, default route should be C
* enable ip forwarding on C
* Add an ACL in the squid.conf of D to allow C to use it.
 
Old 12-08-2008, 12:33 AM   #5
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
All devices are Linux.

B1 and B2 could be on the same or different network cards. both are possible. exactly now I have a wired and a wireless network cards, but both of them are in one network. (192.168.1.1/24)

I wrote a lot of rules already and was not successful. If it is possible, could you please wrote iptables rules for me. (eth0 is B1 and ath0 is B2)

Thanks.
 
Old 12-08-2008, 12:38 AM   #6
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
Sorry forgot to say
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without remote proxy (D) my main problem is D
 
Old 12-08-2008, 01:14 AM   #7
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
Quote:
Originally Posted by omidm View Post
Sorry forgot to say
1) I have an ACL on squid and it is OK
2) Already enabled ip.forwarding on C
3) I can connect from A to E now, but without remote proxy (D) my main problem is D
How are you connecting from A to D,is it via the browser's proxy settings?
Can you telnet from A to D (using the squid port)?
 
Old 12-08-2008, 01:41 AM   #8
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
How are you connecting from A to D,is it via the browser's proxy settings?
That is my problem.
I already connected from A to E, but not from D. (A->B1->B2->C->E)

Quote:
Can you telnet from A to D (using the squid port)?
No, I cannot. but I can browse internet!

Last edited by omidm; 12-08-2008 at 01:48 AM.
 
Old 12-08-2008, 01:46 AM   #9
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
can you telnet to D (using the squid port from B2 or C?
 
Old 12-08-2008, 01:56 AM   #10
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
Sorry, squid server went down, now I access it from A, B1 and C.
And still I want to chain A, B, C, D and E
 
Old 12-08-2008, 02:04 AM   #11
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
So it's ok now?
If not, you need to say where you're up to and which bit isn't connected.
 
Old 12-08-2008, 02:10 AM   #12
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
No, it isn't.

Now I can access internet from A but not through D (proxy server).
There are only rules to forward packets from B1 to B2 to browser internet (but not through D)

I should filter packages in B, because I don't have full access to A. (A is a hand-held device that I can change its network interface IPs only)
 
Old 12-08-2008, 02:34 AM   #13
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
If you can't change the proxy that A uses.
You'll need to setup B to do transparent proxying...
iptables -t nat -A PREROUTING -p tcp -d E -dport 80 -j DNAT --to D:3128

If E is not on port 80 change the above.

And squid needs to be setup as a transparent proxy too...
http://tldp.org/HOWTO/TransparentProxy-4.html
 
Old 12-08-2008, 02:59 AM   #14
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
Thanks.

It returned an Error in A.
"The requested URL could not be retrieved"

In squid log file:
"GET error:invalid-request HTTP/0.0" 400 2091 "-" "-" TCP_DENIED:NONE"

An sniff packages in B with wireshark, (capital words replaced by me!):
GET / HTTP/1.1

Host: HOSTNAME
Accept-Encoding: gzip

Accept-Language: en-US

Cache-Control: max-age=0

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

User-Agent: AGENT
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7

cookie: COOKIE

in squid reply I get:
X-Squid-Error: ERR_INVALID_REQ 0

and wireshark find this request a SYN request and I don't have any HTTP GET request!
 
Old 12-08-2008, 03:02 AM   #15
omidm
LQ Newbie
 
Registered: Dec 2008
Distribution: Ubuntu 9.04 (nightly)
Posts: 14

Original Poster
Rep: Reputation: 0
In above post, enters between HTTP HEADERs applied here by forum engine! (\r\n)
 
  


Reply

Tags
iptables, network, proxy, route, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 12:25 PM
how to connect my proxy server with the local LDAP server ankuraggarwal Linux - Software 0 08-31-2007 03:17 AM
ipcop -proxy: can ping ip but cannot browse internet prue3 Linux - Networking 0 02-03-2005 09:15 AM
how to browse internet in mozilla using proxy server sanu Linux - Newbie 1 09-28-2004 04:25 AM
Updating a remote server with a local cd korozion Linux - General 4 07-15-2004 05:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking

All times are GMT -5. The time now is 07:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration