On 7/10/06, Miles Brennan <miles@xxxxxxxxxxxxx> wrote:
> Ankush Grover wrote:
> > hey friends,
> >
> > I want to configure transparent proxy on squid for my company on FC3.
> > For time being I am testing the configuration on the test machines.
> > The testing machines consists of a laptop on which Windows 98 is
> > running and a machine on which FC3 is running with 2 Lan Cards.
> >
> > The ipaddresses of the LAN cards are
> >
> > eth0: 192.168.1.129 subnetmask 255.255.255.0
> > eth1: 192.168.1.130 subnetmask 255.255.255.0
> >
> > Windows 98 machine is having only one LAN Card
> >
> > eth0: 192.168.1.151 subnetmask 255.255.255.0
> >
> > Windows 98 (eth0) and FC3 (eth1) are connected to each other through
> > cross cable and the FC3 eth0 is connected to the rest of the network
> > of the company.
> >
> > Now the problem is that both the PCs are not able to ping each other
> > (Windows 98 & FC3). But if I disable eth0 on FC3 then both are able to
> > ping each other but not when eth0 is active on FC3. I have defined
> > GATEWAY=192.168.1.110 under /etc/sysconfig/network.
> > SELinux is off on FC3 and iptables are also not configured.
> >
> > Please guide me how to configure networking between FC3 and Windows 98.
> >
> > Thanks & Regards
> >
> > Ankush Grover
>
> Ankush,
>
> Your FC3 system is configured incorrectly with the rest of your network.
>
> Firstly, both of your FC3 network cards are on the same subnet
> (192.168.1/24), so they won't route anything; hence the erratic network
> behavior.
>
> Your default gateway (192.168.1.110) is connected to your FC3 eth0. As far
> as the FC3 system is concerned, it will send all data out of the eth0 NIC,
> so all ping requests/responses are not being sent to your Win98 box. That's
> why it only works when you disable the FC3 eth1 interface (they are both on
> the same network, that's bad).
>
> If you want your FC3 system to act as a router (or transparent proxy), then
> change:
>
>     FC3 eth1 --> 192.168.2.something
>     W98 eth0 --> 192.168.2.something else
>     Subnet: 255.255.255.0
>
> (W98 box needs to point to FC3 eth1 as its default gateway.)
>
> Then enable packet forwarding...
>
>     echo 1 > /proc/sys/net/ipv4/ip_forward
>
> However, if you want to configure transparent proxy, you don't need to
> enable port forwarding, you need to redirect all outbound HTTP requests to
> the Squid port. This can be done with a simple iptables rule on your FC3
> box:
>
>     iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

hey,

Is it necessary that the clients connecting to the eth1 on the FC3 should be on the different subnet than the eth0? Is it possible to keep both the ethernet cards on the same subnet and transparent proxy should work efficiently?

Thanks & Regards

Ankush Grover
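
The route selection Miles describes in the quoted reply, as an added example that is not part of the original thread: a simplified model of a connected-route lookup that flags overlapping NIC subnets and shows which interface a packet leaves by in each layout. The tie-break rule (first interface wins when prefixes are equal) and the host addresses 192.168.2.1 and 192.168.2.10 are assumptions; the thread only says "192.168.2.something".

```python
import ipaddress

def connected_routes(ifaces):
    """ifaces: list of (name, 'addr/prefix') in bring-up order."""
    return [(name, ipaddress.ip_interface(cidr).network) for name, cidr in ifaces]

def overlapping(ifaces):
    """Return pairs of interface names whose connected subnets overlap."""
    routes = connected_routes(ifaces)
    return [(a, b)
            for i, (a, net_a) in enumerate(routes)
            for b, net_b in routes[i + 1:]
            if net_a.overlaps(net_b)]

def egress(ifaces, dst, gateway_dev=None):
    """Pick the outgoing interface for dst.

    Longest prefix wins; on a tie the earlier interface is kept (assumed
    model, matching the eth0 behaviour described in the thread). Anything
    not on a connected subnet goes to the default gateway's interface.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for name, net in connected_routes(ifaces):
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else gateway_dev

# Constructed from the addresses given in the thread.
ORIGINAL = [("eth0", "192.168.1.129/24"), ("eth1", "192.168.1.130/24")]
# Suggested layout; .1 on eth1 is a placeholder host octet (assumption).
FIXED = [("eth0", "192.168.1.129/24"), ("eth1", "192.168.2.1/24")]

if __name__ == "__main__":
    for label, layout, win98 in (("original", ORIGINAL, "192.168.1.151"),
                                 ("fixed", FIXED, "192.168.2.10")):
        print(label, "overlaps:", overlapping(layout))
        # The reply to the Win98 box must leave by eth1 to reach the crossover cable.
        print(label, "reply to", win98, "leaves via", egress(layout, win98))
        # Traffic to the company gateway must still leave by eth0.
        print(label, "gateway 192.168.1.110 via", egress(layout, "192.168.1.110"))
```

In the original layout the reply to the Windows 98 box is sent out eth0, toward the company LAN, so it never reaches the crossover link; with eth1 on its own subnet the lookup is unambiguous.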