[squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread melvin obiri
Hi, I need help with transparent proxy on Fedora 6 or Fedora.
I have set the http_port to transparent mode as below
http_port 192.168.0.220:3128 transparent

and made a forwarding rule on iptables but I am still not able to do
transparent proxy

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Is there anything I am missing here?


Re: [squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread Leonardo Rodrigues Magalhães



melvin obiri wrote:

> Hi, I need help with transparent proxy on Fedora 6 or Fedora.
> I have set the http_port to transparent mode as below
> http_port 192.168.0.220:3128 transparent
>
> and made a forwarding rule on iptables but I am still not able to do
> transparent proxy
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


   if i'm not sure, REDIRECT redirects to 127.0.0.1, and your squid is 
listening on 192.168.0.220 only.


   try removing the http_port ip, leaving just

http_port 3128 transparent

   or adjust your iptables rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.220:3128


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br







Re: [squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread Leonardo Rodrigues Magalhães



melvin obiri wrote:

> Thanks Leonardo,
>
> well, initially the
> http_port transparent 3128 was working fine then I thought maybe it
> makes my cache open for public.

   Get appropriate iptables rules for not allowing external access to 
it. Get appropriate http_access rules for not allowing external access 
to it.


   With those, there's absolutely no problem at all in letting squid 
bind to all ports.


   Anyway, you can easily let squid bind on your internal IP only. 
Just change the REDIRECT for DNAT and you'll probably get everything 
working !!!


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br







Re: [squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread Henrik Nordstrom
On Mon, 2008-05-12 at 14:42 -0700, melvin obiri wrote:
> Hi, I need help with transparent proxy on Fedora 6 or Fedora.
> I have set the http_port to transparent mode as below
> http_port 192.168.0.220:3128 transparent
> 
> and made a forwarding rule on iptables but I am still not able to do
> transparent proxy
> 
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> 
> Is there anything I am missing here?

Have you enabled incoming traffic to port 3128 in the Fedora firewall?

Regards
Henrik



Re: [squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread Henrik Nordstrom
On Mon, 2008-05-12 at 18:49 -0300, Leonardo Rodrigues Magalhães wrote:
> if i'm not sure, REDIRECT redirects to 127.0.0.1, and your squid is 
> listening on 192.168.0.220 only.

No, REDIRECT redirects to the primary IP of the interface where the
traffic is seen coming in.

Regards
Henrik
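
The REDIRECT versus DNAT point discussed in the messages above, as an added example that is not part of the thread or of Squid: a small Python check of whether the rewritten destination lands on an address the `http_port` line listens on. The function names and the eth0 primary addresses in the sample cases are assumptions, since the thread never states eth0's primary IP.

```python
import shlex

def parse_http_port(line):
    """Return (listen_ip or None, port) from a squid.conf http_port line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "http_port":
        raise ValueError("not an http_port line: %r" % line)
    host, _, port = fields[1].rpartition(":")
    return (host or None, int(port))

def nat_destination(rule, iface_primary_ip, orig_port=80):
    """Return the (ip, port) a packet matching this PREROUTING rule is sent to."""
    args = shlex.split(rule)
    target = args[args.index("-j") + 1]
    if target == "REDIRECT":
        # Per the thread: REDIRECT rewrites the destination to the primary
        # IP of the interface the packet came in on, not to 127.0.0.1.
        port = int(args[args.index("--to-port") + 1]) if "--to-port" in args else orig_port
        return (iface_primary_ip, port)
    if target == "DNAT":
        opt = "--to-destination" if "--to-destination" in args else "--to"
        ip, _, port = args[args.index(opt) + 1].partition(":")
        return (ip, int(port) if port else orig_port)
    raise ValueError("unsupported target: " + target)

def reaches_squid(http_port_line, rule, iface_primary_ip):
    """True if the rewritten destination matches an address Squid listens on."""
    listen_ip, listen_port = parse_http_port(http_port_line)
    dst_ip, dst_port = nat_destination(rule, iface_primary_ip)
    return dst_port == listen_port and listen_ip in (None, dst_ip)

REDIRECT = "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128"
DNAT = "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.220:3128"
BOUND = "http_port 192.168.0.220:3128 transparent"
ANY = "http_port 3128 transparent"

if __name__ == "__main__":
    # Constructed cases: the thread never states eth0's primary address.
    for conf, rule, primary in [
        (BOUND, REDIRECT, "192.168.0.220"),  # listener IP is eth0's primary
        (BOUND, REDIRECT, "192.168.0.1"),    # .220 is only a secondary alias
        (BOUND, DNAT, "192.168.0.1"),
        (ANY, REDIRECT, "192.168.0.1"),
    ]:
        print(conf, "|", rule.split("-j ")[1], "|", primary, "->",
              reaches_squid(conf, rule, primary))
```

A matching destination only covers the NAT step; the firewall must still accept incoming traffic to port 3128, as asked earlier in the thread.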



Re: [squid-users] squid2.6STABLE13 and transparent proxy

2008-05-12 Thread Indunil Jayasooriya
On Tue, May 13, 2008 at 3:12 AM, melvin obiri wrote:
> Hi, I need help with transparent proxy on Fedora 6 or Fedora.
>  I have set the http_port to transparent mode as below
>  http_port 192.168.0.220:3128 transparent
>
>  and made a forwarding rule on iptables but I am still not able to do
>  transparent proxy
>
>  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

What is eth0? It should be the LAN interface.

Do you have a NAT rule there? something like below.

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1.2.3.4

Have you applied DROP policies? Then you need another rule like this.

iptables -A INPUT -p tcp --dport 3128 -j ACCEPT

Please try these.

GOOD LUCK

>
>  Is there anything I am missing here?
>



-- 
Thank you
Indunil Jayasooriya