Re: problem in configuring squid transparent proxy on FC3

That rule is in the NAT table; you can see it with:

       iptables -t nat -nvL

or, to see both filter and nat tables together:

       iptables -nvL ; iptables -t nat -nvL

The output of the command "iptables -t nat -nvL" is attached to this
email in the squid.txt file. There are about 20 entries when I do
iptables -t nat -nvL; is it normal to have this many entries? I have
only applied this rule to iptables:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128



I also think you need a subnet declaration for your squid ACLs, because
you are using "src" - see your conf file for more description on proper
declarations.

vi /etc/squid/squid.conf

       acl INTERNAL-NETWORK src 192.168.2.0/24
       http_access allow INTERNAL-NETWORK


   I have corrected this mistake of mine. I have added the subnet
mask to the src acl (192.168.2.0/24).

Remember, your transparent proxy is a redirection of HTTP requests (port
80) to your proxy cache (port 3128). Squid then handles the request
transparently, the client doesn't realise the change in network packet
flow. To test this properly, you can either disable packet forwarding on
the FC3 box, or set your iptables forward policy to drop everything.

       iptables -P FORWARD DROP

IP forwarding is already disabled on the system:

sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1

But still I am not able to browse from the 192.168.2.0 domain. I have
a machine whose IP address is 192.168.2.88, and the gateway of this
machine is 192.168.2.126 (eth1 on FC3).

I can ping from 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to
192.168.2.88, but from 192.168.2.88 I am not able to browse the
internet.

Any pointers on what the problem can be?

Thanks & Regards

Ankush Grover

iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 
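A small checker, added here as an example and not part of the thread, that reads a saved `iptables -t nat -nvL` listing like the one attached above and reports the three things worth looking at in it: identical REDIRECT rules that were appended more than once, a rule bound to an interface that does not exist on the host (the `ethi` line), and REDIRECT rules whose packet counters are still zero, which means the clients' HTTP traffic never reached the PREROUTING chain on that interface. The listing embedded in it is a constructed sample modelled on the attachment, and `eth0`/`eth1` as the host's interfaces is an assumption.

```python
import re
from collections import Counter
# Constructed sample modelled on the listing in the thread, not the real attachment.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}   # iptables abbreviates big counters (12K, 3M)

def _count(tok):
    return int(tok[:-1]) * _SUFFIX[tok[-1]] if tok[-1] in _SUFFIX else int(tok)

def parse_rules(listing):
    """Return {chain: [rule dicts]} from `iptables -nvL` output."""
    chains, chain = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:                                # chain header starts a new rule list
            chain = m.group(1)
            chains[chain] = []
            continue
        cols = line.split(None, 9)           # 10th column holds match/target options
        if chain is None or len(cols) < 9 or cols[0] == "pkts":
            continue                         # blank line or column header
        chains[chain].append(dict(pkts=_count(cols[0]), target=cols[2], prot=cols[3],
                                  iface=cols[5], src=cols[7], dst=cols[8],
                                  extra=cols[9] if len(cols) > 9 else ""))
    return chains

def audit(chains, known_ifaces=("eth0", "eth1")):   # assumed interface names
    """Flag duplicated rules, misspelled interfaces and REDIRECTs that never matched."""
    findings = []
    for chain, rules in chains.items():
        # Same rule appended with -A on every retry and never flushed with -F.
        dupes = Counter(tuple(v for k, v in r.items() if k != "pkts") for r in rules)
        findings += [f"{chain}: rule [{' '.join(k)}] appears {n} times" for k, n in dupes.items() if n > 1]
        for r in rules:
            if r["iface"] not in known_ifaces + ("*",):
                findings.append(f"{chain}: input interface {r['iface']!r} does not exist on this host")
        redirects = [r for r in rules if r["target"] == "REDIRECT"]
        if redirects and all(r["pkts"] == 0 for r in redirects):
            # Zero counters mean client HTTP traffic never reached this chain: check the
            # client's default gateway and the box's routing before touching squid.conf.
            findings.append(f"{chain}: no REDIRECT rule has matched a single packet")
    return findings
```

Run it against the real output with `iptables -t nat -nvL > nat.txt` and `audit(parse_rules(open("nat.txt").read()))`; a `pkts` counter that climbs while a client browses is the quickest proof that the redirect is at least being hit.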
