Hi guys.
Could you please send a tutorial or any good guidance to implement Squid in transparent mode on CentOS 9 with iptables?

I have configured squid.conf with these parameters:

    ens192: 172.31.168.28, internet interface
    ens224: 192.168.1.10, LAN interface (private network)

    # Mis ACLs #
    acl mi_red src 192.168.1.0/24
    acl cliente_linux src 192.168.1.20
    acl cliente_windows src 192.168.1.30
    acl sitios1 url_regex "/etc/squid/listas/sitios1"
    acl sitios2 url_regex "/etc/squid/listas/sitios2"

    # Squid normally listens to port 3128
    http_port 3128
    http_port 8080 transparent

I want the "deny all" rule to get applied, to test the client using the proxy.

My iptables is configured as follows:

    #!/bin/bash
    ## NAT server configuration ##
    sysctl -w net.ipv4.ip_forward=1
    sysctl -p
    iptables -X
    iptables -F
    iptables -t nat -X
    iptables -t nat -F
    iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE

    #!/bin/bash
    ## proxy server configuration ##
    ### Accepting traffic for the ports: 3128 and 8080##
    iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 3128 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3128 -j DROP
    iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 3128 -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 3128 -j DROP
    iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j DROP
    iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 8080 -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 8080 -j DROP
    ### Accepting traffic for the ports: 3128 and 8080##
    iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
    iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 8080

But I got this error:

    1668381894.746 0 192.168.1.20 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
    1668381967.800 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.805 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.809 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.814 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.818 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.823 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.827 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.832 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.836 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
    1668381967.841 0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html

Could you please help me to solve this? I am completely new to using Squid and Linux.

I was following these sources:
• https://www.xmodulo.com/squid-transparent-web-proxy-centos-rhel.html
• https://www.maravento.com/2015/06/no-forward-proxy-ports-configured.html
• https://www.xmodulo.com/internet-connection-sharing-iptables-linux.html

You can find the logs of squid 5.5 here: squid logs <https://epnecuador-my.sharepoint.com/:u:/g/personal/mercy_anchundia_epn_edu_ec/EaqrQJFkDfhLnEha14CIfKoBhrKZLaSTIE51t_gw0_iUZw?e=Y8xirv>

I configured the Linux client with the IP 192.168.1.20/24, gateway is the Linux server: 192.168.1.10 and DNS: 192.168.1.10 and others of my ISP.

Thank you in advance for your help

Lola Lo <holitafarol...@gmail.com> (sent by marseapl...@gmail.com), Sun, Nov 13, 8:52 PM, to squid-users

---------- Forwarded message ---------
From: Lola Lo <holitafarol...@gmail.com>
Date: Sun, Nov 13, 2022 at 7:32 PM
Subject: transparent mode squid on centos 9 with iptables
To: <squid-users@lists.squid-cache.org>
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
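
An added example, not part of the original post or of Squid itself: a small Python check that cross-references the REDIRECT rules with the http_port lines quoted in the message and reports which redirected traffic reaches which kind of Squid listener. The function names and finding labels are illustrative assumptions, and the check assumes that clients connecting to port 443 speak TLS.

```python
import shlex

# Lines copied from the squid.conf and iptables script quoted in the post.
SQUID_CONF = """\
http_port 3128
http_port 8080 transparent
"""
IPTABLES_RULES = """\
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 8080
"""
# 'transparent' is the older name of the 'intercept' flag.
NAT_FLAGS = {"intercept", "transparent"}

def squid_listeners(conf):
    """Return {port: (directive, options)} for http_port / https_port lines."""
    listeners = {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] in ("http_port", "https_port"):
            port = int(tok[1].rsplit(":", 1)[-1])   # accepts "8080" or "ip:8080"
            listeners[port] = (tok[0], set(tok[2:]))
    return listeners

def nat_redirects(rules):
    """Return [(dport, to_port)] for each iptables REDIRECT rule."""
    found = []
    for line in rules.splitlines():
        tok = shlex.split(line, comments=True)
        if "REDIRECT" not in tok or "--dport" not in tok:
            continue
        to_opt = next((t for t in tok if t in ("--to-port", "--to-ports")), None)
        if to_opt:
            found.append((int(tok[tok.index("--dport") + 1]),
                          int(tok[tok.index(to_opt) + 1])))
    return found

def audit(conf, rules):
    """Return [(dport, to_port, finding)] for redirects Squid cannot serve."""
    listeners, findings = squid_listeners(conf), []
    for dport, to_port in nat_redirects(rules):
        directive, opts = listeners.get(to_port, (None, set()))
        if directive is None:
            findings.append((dport, to_port, "no-listener"))
        elif not opts & NAT_FLAGS:
            findings.append((dport, to_port, "listener-not-intercepting"))
        elif dport == 443 and directive == "http_port":
            # Port 443 clients send a TLS handshake, not an HTTP request line.
            findings.append((dport, to_port, "tls-to-plain-http-listener"))
    return findings

if __name__ == "__main__":
    for finding in audit(SQUID_CONF, IPTABLES_RULES):
        print(finding)
```

On the configuration quoted in the post, the only finding is the port 443 redirect, which lands on the plain http_port 8080 listener.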