General :: Transparent Squid - Iptables Syntax And Unable To Use Outlook To Access SMTP And POP3
Feb 10, 2011
I've set up Ubuntu 9.04 (desktop) at home in a lab environment (workgroup rather than domain) and have configured Squid. Everything works fine but, when I took it to the next level and made the proxy transparent, my problems began. I can still access sites (having pointed the XP Pro client to the squid box as the DG) and the sites are logged in /var/log/squid/access.log but I am unable to use Outlook to access my SMTP and POP3. I guess that the setup is blocking ports 25 and 110 and I'll need to configure iptables to forward packets destined for these ports directly to the "real" DG, rather than the Squid box. Here's the set up:
A single NIC (eth0) on 172.19.0.250 / 16 (static) ADSL router ("real" DG) on 172.19.0.1 I executed iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 My squid.conf:
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl mynet src 172.19.0.0/16
[Code]....
View 6 Replies
ADVERTISEMENT
Aug 23, 2010
I just finished setup a proxy machine that runs in a separate box from gw.
I have the following iptables rule
on squid box
Code:
Code:
Here's an example
Code:
My question is how can i modify the iptables rules so it will forward the real ip's where the requests are originated from.
View 1 Replies
View Related
Aug 15, 2010
I have recently set up a mail system using Postfix, Dovecot, Spamassasin, ClamAV and atMail - I'm new at this, so proud of myself to have gotten this far. I have required secure authetication for both sending through SMTP and access via POP3 and IMAP. All seems to work properly. I have tested POP3 with KMail and Evolution and everything works great. The only problem is I cannot get Outlook 2007 to authenticate for POP3. I can send through SMTP with secure authentication from Outlook, but no matter what I try I cannot get it to authenticate for POP3 access. Checking SPA in Outlook causes it to repeatedly ask for credentials which it does not accept, while un-checking it causes the client to be immediately rejected by the server.
I have turned on all the various relevant client work-around options in Dovecot and Postfix (that I am aware of) and I have hunted through the web to see what I can find, but no luck.
Besides using the listed client work-arounds in the Dovecot config file, can anyone shed light on what else I might need to do to get Outlook 07 working with POP3?
View 4 Replies
View Related
Nov 10, 2010
I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.
eth1: 192.168.99.2 (Connect to eth1 of machine 2)
eth2: 192.168.98.2 (Connect to eth1 of machine 3)
machine 2 works as a webserver
eth1: 192.168.99.4
machine 3 works as a web client.
eth1: 192.168.98.4
my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.
View 7 Replies
View Related
Jan 12, 2011
I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.
Code: # squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...
View 6 Replies
View Related
Sep 23, 2010
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
View 1 Replies
View Related
Jan 7, 2010
I am not able to use outlook or any other email client on my computer(to access gmail account) I am also not able to forward port to my computer for a bit torrent client
I can access the internet using proxy settings
I have just installed CentOS 5 as a server with 2 NIC's for my home network.
My set up is something like this
adsl wireless router(static ip from ISP) - (192.168.0.1/24) Cent os server (10.1.1.1/8) - switch/hub - clients(windows XP/Vista,Linux)
the linux server acts as a Web Server,DHCP and Squid proxy server
Will installing an email server resolve my problem?
View 4 Replies
View Related
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
View 2 Replies
View Related
Mar 30, 2010
I want to know that by default do we need to configure SMTP and POP3/IMAP sever for sending and receiving mails in Linux server and client machines or we can directly send and receive mails without configuring these mail servers?
View 2 Replies
View Related
Jul 11, 2011
recently I've replaced an old windows mailserver with a new one running 10.04 LTS (postfix - dovecot) but I got a strange problem with MS Outlook 2003 and 2007 on Win XP. These MUAs receive new messages extremely slow. Some of messages are received repeatedly. All I found in /var/log/mail.log is login and then (after 1 minute) disconnection for inactivity. No errors.:
Jul 11 10:36:51 dovecot: pop3-login: Login: user=(user@domain.org), method=NTLM, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx Jul 11 10:37:07 dovecot: POP3(user@domain.org): Disconnected for inactivity top=0/0, retr=1/5434, del=0/12, size=954793 nothing more. And outlooks wait and wait reporting "receiving". What they are waiting for? Is there something dovecot should send them?
At the same time Mozilla Thunderbird and Opera Mail on the same network with the same setup don't have any problems. I just don't get it. Does anyone know what to do to get it work please?
[Code]...
View 4 Replies
View Related
Apr 26, 2011
How to make squid proxy transparent?I have configured a Squid proxy server with some ACLs but we have to check from client side whether those ACLs work or not ,I have to open their firefox and manually enter my machine's i.e. proxy server's ip, only after entering this ip , Those ACLs work properly.But now I want to make it work without manually entering the proxy on clients machine.I guess transparent proxy is the solution, but how to configure it/Please guide me and I am one of the machine in LAN.
View 1 Replies
View Related
Apr 26, 2011
http_port 3128 transparent --> What does this mean? Is this a only thing we do to make Squid Proxy Transparent?
View 2 Replies
View Related
Jun 30, 2010
I am trying to install Squid 2.6 as Transparent proxy server.Can anyone provide the step by step configuration details
View 8 Replies
View Related
Jun 22, 2011
i m using centos 5.6 x86 give us guideline if possible, we have squid transparent proxy, the ip is set 10.0.1.85, this is as gateway we enter in window client pc to browse. now we want to block some website so we try below two method does not work, can you check if anything wrong in this, we enter this all starting of file squid.conf.
View 3 Replies
View Related
Aug 11, 2010
I'm mon webmaster/developer and I'm new in Linux. Our office suddenly needs to setup a proxy server. Ubuntu Squid proxy server immediately came as an option for us. The question is: does transparent squid proxy configuration using Ubuntu will have no problem with computers running on Windows OS?
View 2 Replies
View Related
Jun 17, 2011
I have a network with two WAN links. One link is supposed to be for Senior Management and the other for the rest of the company. Currently all traffic seems to be going via one WAN link.
Is it possible to setup squid to select the link to use by checking the mac address of the requesting computer
View 1 Replies
View Related
Jan 12, 2010
Now, i want to change port smtp, not use 25
View 3 Replies
View Related
Oct 2, 2010
Having my Diploma Final Project on setting up a virtual mail server within Local Area Network (LAN) only. I had follow this how-to [URL] and complete up to squirrealmail web mail. I added two new user to try on sending and receiving mail. It works. I run CentOS on VMplayer. I using my laptop to do all the stuff, the laptop default OS is windows 7, I install VM player on it and run CentOS inside the VM Player.
I want to do testing on Windows 7 side by installing Thunderbird email client program, I want to connect to mail server with SMTP, IMAP/POP3 using the email service. I have problem while setting up user account on Thunderbird, Thunderbird seems like cannot detect my CentOS mail server. How? Do I have to do any other configuration on CentOS? Any DNS? Port number for IMAP, POP3 or SMTP?
View 1 Replies
View Related
Dec 29, 2010
I am using squid to controlling access to the internet all is working fine expect one of the user who is using outside organization portal to connect internet. But whenever he tries to enter in the portal by typing (EXAMPLE)url. Permission denied error from squid occur.
How can i allow this portal in squid. So squid will allow this to access.
View 1 Replies
View Related
Feb 24, 2010
I am using FEDORA 11 and Squid 3. Squid configured and working perfectly but some Win XP users unable to access their mails through outlook express. can anybody guide me what should i do to enable pop/smtp ports via through nating / MASQUERADE etc..
View 1 Replies
View Related
Feb 15, 2010
Issue : Unable to use gmail account through outlook
What iptables rules that I should put in place This is my setup
Eth0 � 192.168.1.x - Connected to internet
Eth3 � 10.0.0.47 � Local Lan
Pop.gmail.com � port 995
Smtp.gmail.com � port 465
View 6 Replies
View Related
Feb 3, 2011
Is there any Linux software that fetches emails from let's say 3-d party imap server (ex imap.gmail.com) and allows you to access it in nice format through web interface.
So - if I run my own LAMP server I could just type in my ip address and access emails/calendars.
I guess something like Outlook Web Access but free and for Linux?
Is that what Zimbra is?
View 1 Replies
View Related
May 31, 2010
I am very new to linux. I have to build a netwrok for small lab and office setup. Setup as below I have a PC running with Centos 5.4 and has 4 NIC cards. eth0, eth1, eth2 and eth3.
eth0 --- Connected to DSL and getting the Public IP address using PPPoE.
eth1 --- 192.168.4.1 statically configured on the interface
eth2 --- 192.168.5.1 statically configured on the interface
eth3 --- 192.168.6.1 statically configured on the interface
[Code]...
I am able to browse from all the hosts behind each nic cards. But mails from outlook not working (sending and receiving). I have configured gmail in the outlook with imap and smtp. I tried allowing the port 25 using follwoing command, iptables -A INPUT -p tcp --dport 25 -j ACCEPT . let me know what should be done to access mails from outlook
View 1 Replies
View Related
Apr 7, 2009
I am trying to configure squid with Fedora 10 to use it as a transparent proxy webcache.Is there any good tutorial you would recommend to a novice?
View 1 Replies
View Related
Apr 2, 2009
i have configured transparent squid with dansguardian for content filtering i used this squid server ip on client gateway(not on browser) for content filtering, is it possible that i could use this squid server in different VLAN.
View 3 Replies
View Related
May 1, 2009
to configure squid as a non-transparent proxy? I understand https cannot be filtered using squid as a transparent proxy. So i need to find out how to configure squid for https filtering.
View 1 Replies
View Related
Sep 28, 2009
I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via a authenticated proxy. At home, I connect directly to via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.
View 2 Replies
View Related
May 6, 2011
I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card.Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client pc.I want to set up the Squid to run as a transparent proxy and after reading around I have done the following.In the Squid3 conf file I have entered http_port 3148 transparent.Dropping to Root ( sudo -i )However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.
View 5 Replies
View Related
Feb 23, 2010
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
View 4 Replies
View Related
Oct 16, 2010
I have installed and tried both squid version as transparent proxy but they just don't work.
I have eth0 which is where my internet comes in and eth1 which is my local network 192.168.1.0/255.255.255.0.
My default firewall policy is to drop input output and forward, i have already set my firewall to accept and workout the squid and it is working.
Here is the relevant rules i have on my firewall:
Code:
Here is the sample conf i am using for squid:
Code:
Always_direct allow all When using version 2.7.x i was able to make it transparent when i used the below rules:
Code:
I readed the Docs on the squid page but the above rules can't be reproduced to 3.1 and i don't wish to use such rules to make it transparent or hidden so i want some help to figure out why it inst transparent.
View 2 Replies
View Related
