Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
05-27-2006, 09:22 AM
|
#16
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
EVEN MORE SUCCESS!!
I made that correct in the rc.firewall that Alien Bob mentioned, BUT I still don't have internet access. HOWEVER, if I tell FireFox on my WinXP machine to use 192.168.2.1 port 8080 as a proxy...I HAVE internet on the XP machine. What's more, the internet content filtering through port 8080 IS being filtered by dansguardian. So, I'm closer to my goal, but not quite there. Ultimately, this machine is going to be installed as a content filter at the school I teach at. Soooooo, here are my goals that have not been met.....yet.
1. I want to avoid having to set EVERY browser on EVERY computer on the school network to use 192.168.2.1 port 8080 as a proxy. I believe what I am looking for is a transparent proxy.
Thanks for EVERYONE'S help!!!!
|
|
|
05-27-2006, 09:32 AM
|
#17
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Originally Posted by tubatodd
I believe what I am looking for is a transparent proxy.
|
You did not enable the advanced section of that Easy Firewall Generator did you?
One of the checkmarks is " Transparent Web Proxy" and the help text for that item is:
Quote:
This option is designed to redirect outbound web requests to a proxy server running on the firewall system. This approach is called a transparent proxy because it does not require any proxy settings in the client system. If this option is selected, the port number of the proxy server on the internal interface must be entered in the Redirect Port field that will display. If no port number is entered, the firewall will not generate.
|
If you enter "8080" as the redirect port, then all web traffic (port 80) will be redirected to port 8080 at the firewall where your Dansguardian is listening.
Eric
|
|
|
05-27-2006, 09:35 AM
|
#18
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Here is the very end of my rc.firewall. As far as I can tell I enabled the transparent proxy but it is not working.
Code:
# This is a sample that will exempt a specific host from the transparent proxy
#$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 80 \
# -j RETURN
#$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 443 \
# -j RETURN
# Redirect HTTP for a transparent proxy
$IPT -t nat -A PREROUTING -p tcp --destination-port 80 \
-j REDIRECT --to-ports 8080
# Redirect HTTPS for a transparent proxy - commented by default
# $IPT -t nat -A PREROUTING -p tcp --destination-port 443 \
# -j REDIRECT --to-ports 8080
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
|
|
05-27-2006, 10:26 AM
|
#19
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
So, the transparent proxy setup is correct already. What is the proxy program you're using on port 8080, is it Squid? It might be that you have to configure the proxy specifically for this kind of transparent proxying.
In the squid.conf file for instance, configure these options:
Code:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Eric
Last edited by Alien Bob; 05-27-2006 at 10:33 AM.
|
|
|
05-27-2006, 10:44 AM
|
#20
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
The proxy is tinyproxy.
|
|
|
05-27-2006, 10:52 AM
|
#21
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Originally Posted by tubatodd
The proxy is tinyproxy.
|
According to the tinyproxy build instructions, you have to explicitly add
Code:
--enable-transparent-proxy
to the configure command to let it be able to act as a transparent proxy.
Did you compile tinyproxy yourself, or did you download a binary package for it?
Eric
|
|
|
05-27-2006, 11:04 AM
|
#22
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Quote:
Originally Posted by Alien Bob
According to the tinyproxy build instructions, you have to explicitly add
Code:
--enable-transparent-proxy
to the configure command to let it be able to act as a transparent proxy.
Did you compile tinyproxy yourself, or did you download a binary package for it?
Eric
|
DOH...I will rebuild, configure and install tinyproxy
Thanks for all of your help Eric!!
|
|
|
05-27-2006, 11:22 AM
|
#23
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
ok, I recompiled tinyproxy with --enable-transparent-proxy and restarted my system. Unfortunately, I do NOT have transparent proxy access on my WinXP machine. What should I do now?
|
|
|
05-27-2006, 11:28 AM
|
#24
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Originally Posted by tubatodd
DOH...I will rebuild, configure and install tinyproxy
|
Or download this package: http://www.slackware.com/~alien/slackbuilds/tinyproxy/
Cheers, Eric
|
|
|
05-27-2006, 11:50 AM
|
#25
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
It still does NOT work with a transparent proxy. I have no idea what is wrong. BTW, the version 1.7.0 that you sent me the link to....it kept giving me errors.
|
|
|
05-27-2006, 12:00 PM
|
#26
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
What errors?
When I run tinyproxy with the default unaltered configuration file, the file /var/log/tinyproxy.conf contains this:
Code:
# cat /var/log/tinyproxy.log
INFO May 27 18:03:01 [2427]: Initializing tinyproxy ...
INFO May 27 18:03:01 [2427]: Setting "Via" proxy name to: tinyproxy
INFO May 27 18:03:01 [2427]: Adding Port [443] to the list allowed by CONNECT
INFO May 27 18:03:01 [2427]: Adding Port [563] to the list allowed by CONNECT
INFO May 27 18:03:01 [2427]: Setting stathost to "tinyproxy.stats".
INFO May 27 18:03:01 [2429]: Now running as group "nogroup".
INFO May 27 18:03:01 [2429]: Now running as user "nobody".
INFO May 27 18:03:01 [2429]: Creating child number 1 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 2 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 3 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 4 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 5 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 6 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 7 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 8 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 9 of 10 ...
INFO May 27 18:03:01 [2429]: Creating child number 10 of 10 ...
INFO May 27 18:03:01 [2429]: Finished creating all children.
INFO May 27 18:03:01 [2429]: Setting the various signals.
INFO May 27 18:03:01 [2429]: Starting main loop. Accepting connections.
Eric
Last edited by Alien Bob; 05-27-2006 at 12:04 PM.
|
|
|
05-27-2006, 02:09 PM
|
#27
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
When I run tinyproxy using the package you linked I get on screen messages in the terminal and it doesn't appear to work at all.
Here is a segment of the one screen messages
Code:
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# If not set then no rewriting occurs.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseBaseURL "http://localhost:8888/"
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--EOF (start condition 0)
Here is my log file
Code:
INFO May 27 13:10:04 [440]: Initializing tinyproxy ...
INFO May 27 13:10:04 [440]: Setting "Via" proxy name to: tinyproxy
INFO May 27 13:10:04 [440]: Adding Port [443] to the list allowed by CONNECT
INFO May 27 13:10:04 [440]: Adding Port [563] to the list allowed by CONNECT
INFO May 27 13:10:04 [440]: Setting stathost to "tinyproxy.stats".
INFO May 27 13:10:04 [442]: Now running as group "nogroup".
INFO May 27 13:10:04 [442]: Now running as user "nobody".
INFO May 27 13:10:04 [442]: Creating child number 1 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 2 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 3 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 4 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 5 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 6 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 7 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 8 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 9 of 10 ...
INFO May 27 13:10:04 [442]: Creating child number 10 of 10 ...
INFO May 27 13:10:04 [442]: Finished creating all children.
INFO May 27 13:10:04 [442]: Setting the various signals.
INFO May 27 13:10:04 [442]: Starting main loop. Accepting connections.
I can't get the proxy working with dansguardian. If I install and run 1.6.3 from source it runs just fine.
In any event, I have 1.6.3 running on my machine and we are back to where we were before. I just need a transparent proxy.
Last edited by tubatodd; 05-27-2006 at 02:34 PM.
|
|
|
05-27-2006, 05:49 PM
|
#28
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
I'm SOOOOOOOOOO close to being done with this project. Can anyone help me set this machine up as a transparent proxy?
|
|
|
05-28-2006, 01:00 AM
|
#29
|
Member
Registered: May 2005
Location: NYC
Distribution: Slackware, Gentoo
Posts: 30
Rep:
|
The "very end of your firewal script" : all the lines are commented out. Remove the leading #
|
|
|
05-28-2006, 02:56 PM
|
#30
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Save me Alien Bob, I'm still stuck. The worst case scenario is that when we install this content filter we have to tell each of the 50 computers on the network to use this particular port for the internet. Good thing it isn't a LARGE network.
I'm fixin' to (Southern term) give this project over to the guy who asked me to do this. I think my brain has had enough stress, ESPECIALLY since I did all of this for free.
Last edited by tubatodd; 05-28-2006 at 02:58 PM.
|
|
|
All times are GMT -5. The time now is 10:48 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|