Re: [squid-users] Testing transparent squid in VM
Wundy wrote:
> Amos Jeffries-2 wrote:
> > You should be able to use just:
> >
> > iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > iptables -t nat -A POSTROUTING -j MASQUERADE
>
> At this point I have added the iptables command:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -t nat -A POSTROUTING -j MASQUERADE
>
> but it does nothing so far.

The "-s ! 192.168.0.12" is important (assuming squid is running on 192.168.0.12) to block forwarding loops, i.e. probably those timeouts you mention squid having.

> Amos Jeffries-2 wrote:
> > squid.conf:
> > http_port 3128 transparent
>
> In my squid.conf I haven't adjusted many things. You can look at it here, should there be any more problems.
> http://www.nabble.com/file/p16962017/squid.conf
>
> I did however have to enable ip4_forward since that was off.
> I'm not that familiar with my debian distro so stuff like that is helpful.

Ah, forwarding. That kicked me the other day when a kernel upgrade turned it off.

Check your run-time settings: /proc/sys/net/ipv4/ip_forward should be '1'
( echo 1 >/proc/sys/net/ipv4/ip_forward )

The persistent settings are in /etc/sysctl.conf

NAT might do with a check as well.
lsmod - look for something matching: *_nat

> At this point squid behaves as follows:
> the browser without proxy settings does not find squid and doesn't give a web page.
> If I point the browser towards the proxy server then any address I open loads VERY VERY slowly and times out after a few mins.
>
> Amos Jeffries-2 wrote:
> > If that still won't work:
> > - Ensure that your squid has ONLY one transparent option (--enable-linux-netfilter) configured.
> > - Check that squid is receiving requests (access.log or cache.log)
> > - Check squid has access outbound (usually cache.log)
> > - Check whether NAT is failing (cache.log)
>
> squid is receiving requests if I point the browser to the proxy server, otherwise nothing.

Okay, so this may seem simple, but is port-80 traffic from the browser even going through the squid box naturally?

Take a look at the routing table on the browser's machine and check. The default gateway is the machine all its traffic goes through. That should be either the squid machine itself or another which has been set up to route the port-80 traffic as squid properly.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
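The checks raised in the reply above (forwarding enabled, a port-80 rule pointing at the proxy, the source exclusion for the squid host, a MASQUERADE rule) can be run over a rule list in one pass. This is an added example, not part of the original thread; the function name audit_intercept and the two sample rule sets (constructed from the commands quoted in the thread) are assumptions.

```shell
#!/bin/sh
# audit_intercept RULES SQUID_IP IP_FORWARD
# RULES: iptables command lines, one per line. IP_FORWARD: the value read from
# /proc/sys/net/ipv4/ip_forward. Prints one finding per line, or "ok".
audit_intercept() {
    rules=$1; squid_ip=$2; ip_forward=$3
    n=0; seen_redirect=0; seen_masq=0
    if [ "$ip_forward" != "1" ]; then echo "ip_forward is off"; n=$((n+1)); fi
    while IFS= read -r line; do
        case $line in *"-j MASQUERADE"*) seen_masq=1 ;; esac
        # Only port-80 rules that hand traffic to the proxy matter below.
        case $line in
            *"--dport 80 "*"-j REDIRECT"*|*"--dport 80 "*"-j DNAT"*) ;;
            *) continue ;;
        esac
        seen_redirect=1
        # Accept both spellings of the negated source match.
        case $line in
            *"-s ! $squid_ip "*|*"! -s $squid_ip "*) ;;
            *) echo "no source exclusion for $squid_ip: $line"; n=$((n+1)) ;;
        esac
    done <<EOF
$rules
EOF
    [ "$seen_redirect" = 1 ] || { echo "no port-80 rule pointing at the proxy"; n=$((n+1)); }
    [ "$seen_masq" = 1 ] || { echo "no MASQUERADE rule"; n=$((n+1)); }
    [ "$n" -gt 0 ] || echo "ok"
}

# Constructed sample: the rules Wundy reports having added.
WUNDY_RULES='iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE'
# Constructed sample: the rules as Amos suggested them.
AMOS_RULES='iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE'

audit_intercept "$WUNDY_RULES" 192.168.0.12 1
audit_intercept "$AMOS_RULES" 192.168.0.12 1
```

On a live box, pass "$(cat /proc/sys/net/ipv4/ip_forward)" as the third argument.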
Re: [squid-users] Testing transparent squid in VM
Amos Jeffries-2 wrote:
> You should be able to use just:
>
> iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -t nat -A POSTROUTING -j MASQUERADE

At this point I have added the iptables command:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

but it does nothing so far.

Amos Jeffries-2 wrote:
> squid.conf:
> http_port 3128 transparent

In my squid.conf I haven't adjusted many things. You can look at it here, should there be any more problems.
http://www.nabble.com/file/p16962017/squid.conf

I did however have to enable ip4_forward since that was off.
I'm not that familiar with my debian distro so stuff like that is helpful.

At this point squid behaves as follows:
the browser without proxy settings does not find squid and doesn't give a web page.
If I point the browser towards the proxy server then any address I open loads VERY VERY slowly and times out after a few mins.

Amos Jeffries-2 wrote:
> If that still won't work:
> - Ensure that your squid has ONLY one transparent option
>   (--enable-linux-netfilter) configured.
> - Check that squid is receiving requests (access.log or cache.log)
> - Check squid has access outbound (usually cache.log)
> - Check whether NAT is failing (cache.log)

squid is receiving requests if I point the browser to the proxy server, otherwise nothing.
Re: [squid-users] Testing transparent squid in VM
Wundy wrote:
> Greetings all!
>
> I am currently trying to run a transparent proxy in a testing environment.
> I have one VM with 2 network cards. 1 is set on vmnet2, the other one NAT to the internet.
> My server is running squid in transparent mode on the internal IP address of 192.168.0.12/24 and the client is set on 192.168.0.7/24 with its default gateway pointing towards 0.12.
>
> Now when I try to open iceweasel I cannot get through to the internet; when I input my proxy settings, it does work.
> How do I fix this?
>
> I tried redirecting traffic with IPtables but it didn't work, here is the script I used:
>
> eth2 is the internal lan
> eth1 the internet
>
> #!/bin/bash
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -A INPUT -i eth2 -j ACCEPT
> iptables -A OUTPUT -o eth2 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.0.12:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> best wishes

You should be able to use just:

iptables -t nat -A PREROUTING -s ! 192.168.0.12 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

squid.conf:
http_port 3128 transparent

If that still won't work:
- Ensure that your squid has ONLY one transparent option (--enable-linux-netfilter) configured.
- Check that squid is receiving requests (access.log or cache.log)
- Check squid has access outbound (usually cache.log)
- Check whether NAT is failing (cache.log)

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4