LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-27-2006, 09:22 AM   #16
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30

EVEN MORE SUCCESS!!

I made that correct in the rc.firewall that Alien Bob mentioned, BUT I still don't have internet access. HOWEVER, if I tell FireFox on my WinXP machine to use 192.168.2.1 port 8080 as a proxy...I HAVE internet on the XP machine. What's more, the internet content filtering through port 8080 IS being filtered by dansguardian. So, I'm closer to my goal, but not quite there. Ultimately, this machine is going to be installed as a content filter at the school I teach at. Soooooo, here are my goals that have not been met.....yet.

1. I want to avoid having to set EVERY browser on EVERY computer on the school network to use 192.168.2.1 port 8080 as a proxy. I believe what I am looking for is a transparent proxy.

Thanks for EVERYONE'S help!!!!
 
Old 05-27-2006, 09:32 AM   #17
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
Quote:
Originally Posted by tubatodd
I believe what I am looking for is a transparent proxy.
You did not enable the advanced section of that Easy Firewall Generator did you?
One of the checkmarks is "Transparent Web Proxy" and the help text for that item is:
Quote:
This option is designed to redirect outbound web requests to a proxy server running on the firewall system. This approach is called a transparent proxy because it does not require any proxy settings in the client system. If this option is selected, the port number of the proxy server on the internal interface must be entered in the Redirect Port field that will display. If no port number is entered, the firewall will not generate.
If you enter "8080" as the redirect port, then all web traffic (port 80) will be redirected to port 8080 at the firewall where your Dansguardian is listening.

Eric
 
Old 05-27-2006, 09:35 AM   #18
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Here is the very end of my rc.firewall. As far as I can tell I enabled the transparent proxy but it is not working.

Code:
# This is a sample that will exempt a specific host from the transparent proxy
#$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 80 \
#     -j RETURN
#$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 443 \
#     -j RETURN

# Redirect HTTP for a transparent proxy
$IPT -t nat -A PREROUTING -p tcp --destination-port 80 \
     -j REDIRECT --to-ports 8080
# Redirect HTTPS for a transparent proxy - commented by default
# $IPT -t nat -A PREROUTING -p tcp --destination-port 443 \
#     -j REDIRECT --to-ports 8080


$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
 
Old 05-27-2006, 10:26 AM   #19
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
So, the transparent proxy setup is correct already. What is the proxy program you're using on port 8080, is it Squid? It might be that you have to configure the proxy specifically for this kind of transparent proxying.
In the squid.conf file for instance, configure these options:
Code:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Eric

Last edited by Alien Bob; 05-27-2006 at 10:33 AM.
 
Old 05-27-2006, 10:44 AM   #20
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
The proxy is tinyproxy.
 
Old 05-27-2006, 10:52 AM   #21
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
Quote:
Originally Posted by tubatodd
The proxy is tinyproxy.
According to the tinyproxy build instructions, you have to explicitly add
Code:
--enable-transparent-proxy
to the configure command to let it be able to act as a transparent proxy.
Did you compile tinyproxy yourself, or did you download a binary package for it?

Eric
 
Old 05-27-2006, 11:04 AM   #22
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Alien Bob
According to the tinyproxy build instructions, you have to explicitly add
Code:
--enable-transparent-proxy
to the configure command to let it be able to act as a transparent proxy.
Did you compile tinyproxy yourself, or did you download a binary package for it?

Eric
DOH...I will rebuild, configure and install tinyproxy

Thanks for all of your help Eric!!
 
Old 05-27-2006, 11:22 AM   #23
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
ok, I recompiled tinyproxy with --enable-transparent-proxy and restarted my system. Unfortunately, I do NOT have transparent proxy access on my WinXP machine. What should I do now?
 
Old 05-27-2006, 11:28 AM   #24
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
Quote:
Originally Posted by tubatodd
DOH...I will rebuild, configure and install tinyproxy
Or download this package: http://www.slackware.com/~alien/slackbuilds/tinyproxy/

Cheers, Eric
 
Old 05-27-2006, 11:50 AM   #25
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
It still does NOT work with a transparent proxy. I have no idea what is wrong. BTW, the version 1.7.0 that you sent me the link to....it kept giving me errors.
 
Old 05-27-2006, 12:00 PM   #26
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
What errors?

When I run tinyproxy with the default unaltered configuration file, the file /var/log/tinyproxy.conf contains this:
Code:
# cat /var/log/tinyproxy.log 
INFO      May 27 18:03:01 [2427]: Initializing tinyproxy ...
INFO      May 27 18:03:01 [2427]: Setting "Via" proxy name to: tinyproxy
INFO      May 27 18:03:01 [2427]: Adding Port [443] to the list allowed by CONNECT
INFO      May 27 18:03:01 [2427]: Adding Port [563] to the list allowed by CONNECT
INFO      May 27 18:03:01 [2427]: Setting stathost to "tinyproxy.stats".
INFO      May 27 18:03:01 [2429]: Now running as group "nogroup".
INFO      May 27 18:03:01 [2429]: Now running as user "nobody".
INFO      May 27 18:03:01 [2429]: Creating child number 1 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 2 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 3 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 4 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 5 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 6 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 7 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 8 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 9 of 10 ...
INFO      May 27 18:03:01 [2429]: Creating child number 10 of 10 ...
INFO      May 27 18:03:01 [2429]: Finished creating all children.
INFO      May 27 18:03:01 [2429]: Setting the various signals.
INFO      May 27 18:03:01 [2429]: Starting main loop. Accepting connections.
Eric

Last edited by Alien Bob; 05-27-2006 at 12:04 PM.
 
Old 05-27-2006, 02:09 PM   #27
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Smile

When I run tinyproxy using the package you linked I get on screen messages in the terminal and it doesn't appear to work at all.

Here is a segment of the one screen messages
Code:
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# If not set then no rewriting occurs.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseBaseURL "http://localhost:8888/"
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--EOF (start condition 0)
Here is my log file

Code:
INFO      May 27 13:10:04 [440]: Initializing tinyproxy ...
INFO      May 27 13:10:04 [440]: Setting "Via" proxy name to: tinyproxy
INFO      May 27 13:10:04 [440]: Adding Port [443] to the list allowed by CONNECT
INFO      May 27 13:10:04 [440]: Adding Port [563] to the list allowed by CONNECT
INFO      May 27 13:10:04 [440]: Setting stathost to "tinyproxy.stats".
INFO      May 27 13:10:04 [442]: Now running as group "nogroup".
INFO      May 27 13:10:04 [442]: Now running as user "nobody".
INFO      May 27 13:10:04 [442]: Creating child number 1 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 2 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 3 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 4 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 5 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 6 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 7 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 8 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 9 of 10 ...
INFO      May 27 13:10:04 [442]: Creating child number 10 of 10 ...
INFO      May 27 13:10:04 [442]: Finished creating all children.
INFO      May 27 13:10:04 [442]: Setting the various signals.
INFO      May 27 13:10:04 [442]: Starting main loop. Accepting connections.
I can't get the proxy working with dansguardian. If I install and run 1.6.3 from source it runs just fine.

In any event, I have 1.6.3 running on my machine and we are back to where we were before. I just need a transparent proxy.

Last edited by tubatodd; 05-27-2006 at 02:34 PM.
 
Old 05-27-2006, 05:49 PM   #28
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
I'm SOOOOOOOOOO close to being done with this project. Can anyone help me set this machine up as a transparent proxy?
 
Old 05-28-2006, 01:00 AM   #29
ArmOrAttAk
Member
 
Registered: May 2005
Location: NYC
Distribution: Slackware, Gentoo
Posts: 30

Rep: Reputation: 15
The "very end of your firewal script" : all the lines are commented out. Remove the leading #
 
Old 05-28-2006, 02:56 PM   #30
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Save me Alien Bob, I'm still stuck. The worst case scenario is that when we install this content filter we have to tell each of the 50 computers on the network to use this particular port for the internet. Good thing it isn't a LARGE network.

I'm fixin' to (Southern term) give this project over to the guy who asked me to do this. I think my brain has had enough stress, ESPECIALLY since I did all of this for free.

Last edited by tubatodd; 05-28-2006 at 02:58 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help Configuring Linux 9 As gateway rml_85226 Linux - Networking 5 05-18-2006 12:36 AM
Configuring Fedora 3 as an internet gateway justiceisblind Fedora 1 05-27-2005 01:42 PM
configuring gateway - help jhar Linux - Newbie 6 01-30-2005 09:54 AM
configuring 2nd nic/gateway spooge Slackware 2 12-24-2004 03:22 PM
configuring a gateway for a windows xp box joshuadonz *BSD 0 03-23-2003 02:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration