Networking :: CONNECT Method Is Not Allowed When Using Transparent Proxy?

May 20, 2010

I installed and configured a squid transparent proxy on my linux os at work. Also it is veryslow but every thing is ok while I do not try to use port 443,so when I try to use sites like mail.yahoo.com or other which are using https(443) port and the method used is CONNECT I see some errors in access.log like:

"NONE/400 xxxxx CONNECT error:method-not-allowed - NONE/- text/HTML"

and in cache.log somthing like:

""WARNING CONNECT method received on http Accelerator port 3128"
""WARNING for request: connect CONNECT login.yahoo.com:443 HTTP/1.1"
.
.
""ClientProcessRequest: Invalid Request"

[Code].....

View 22 Replies


ADVERTISEMENT

Networking :: Transparent Proxy In Single Pc?

Feb 21, 2011

trying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu. If i configure firefox to use it, it runs ok. I had seen a lot of iptables rules to use fowarding proxy to a lan, but i would like to use squid and dansguardin in a single pc that run them and filter web content.

View 5 Replies View Related

Networking :: DNS Lookup While Using A Transparent Proxy?

Jul 30, 2010

I have a problem in Eclipse for accessing update sites (for plugins). I am behind a NTLM proxy. Strangely, this proxy asks for a password while in Linux but not when in Windows�
To get around this annoying password issue, I already setup a working cntlmd proxy. I can use this proxy for mounting a remote DavFS2 share, for example. But the issue I have with Eclipse seems to involve proxy configuration. So I decided a transparent proxy could solve this issue. I installed tinyproxy on top of cntlmd, and added the following rule to the firewall:

Code:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 8888

Now, I can configure Firefox for direct access to the Internet, and display a web site only if I give this web site's IP instead of its name! I surmise that it's because when configured for direct access, Firefox performs DNS lookups using the local (intranet) DNS, instead of squeezing its lookups through the proxy and accessing a broader DNS (I wonder which). How can I make all DNS lookups go transparently through the transparent proxy?

View 1 Replies View Related

Networking :: Setting Up A Transparent Proxy With Only One Box?

Mar 23, 2010

I am playing around with transparent proxies, unfortunately I do not have two machines to test it out with. The current way I am doing things is the program makes a request to a computer on port 80, I use

Code:

iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that is listening on port 1234. The proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy and if it sent out to port 80 it would just be a infinite loop) so I want to do something like

Code:

iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80
The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip?

View 1 Replies View Related

Networking :: Transparent Proxy With 2 WAN Links?

Feb 9, 2010

I'm trying to setup a linux box with 3 NICs (2 WAN links and 1 LAN). All http traffic (port 80) should go to WAN 1 via squid proxy and the rest to WAN 2. I already setup MASQUERADING in iptables and I already configured port 80 to redirect to port 3128 for squid. My default gateway is WAN 2. But the problem is squid uses the default gateway - WAN2. setting up the iptables / routing for squid to use WAN 1?

View 7 Replies View Related

Networking :: Squid As Local Transparent Proxy

Sep 28, 2009

I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via a authenticated proxy. At home, I connect directly to via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.

View 2 Replies View Related

Networking :: Transparent Squid Proxy Setup

May 6, 2011

I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card.Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client pc.I want to set up the Squid to run as a transparent proxy and after reading around I have done the following.In the Squid3 conf file I have entered http_port 3148 transparent.Dropping to Root ( sudo -i )However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.

View 5 Replies View Related

Networking :: Is Interpretation Of Transparent Proxy Correct?

Nov 26, 2009

I'm looking to setup a transparent proxy, which (if I understand correctly) will allow me to monitor/control http traffic on my home lan with the use a log analyser.I'm planning on following this guide Yes... I'm cheap and don't wanna buy another NIC.My question: How does this all work? I get that http traffic goes to my server first, and then to the destination address, but how? What is stopping the other computers on my network from going straight to my router?Is my interpretation of a transparent proxy correct?

View 3 Replies View Related

CentOS 5 Networking :: Iptables For Transparent Proxy?

Mar 11, 2010

I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)

eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1

I have problem with hanging connections through squid which are very slow or connection failed. Sometimes i received DNS timeout error from squid stable 2.6 21

[Code]...

View 1 Replies View Related

Fedora Networking :: Transparent Proxy With A Home Router?

Mar 8, 2010

I have set up many Dansguardian/Squid proxy servers. All of them have been on a network where I could use Microsoft Group Policies to force the proxy settings on each machine. The entire setup is quite easy, surprisingly robust, and reliable as hell.

My Dentist talked to me today and asked for something different. He wants to set his office up as a wireless hot spot for his patrons, and he wants their surfing directed through a proxy server. I plan on putting them on a completely different subnet and independent router. Now, since I won't have the convenience of GP I'm wondering if there is a way to force all internal Port 80 traffic through the Proxy server but obviously not the Proxy itself. I would like to use the router to do this and not the Linux box. Is there a low cost home router like Linksys or Netgear that will do this?

View 2 Replies View Related

Fedora Networking :: Transparent Proxy - Squid 3.1.10 - Wccp2

Aug 29, 2011

I've problem with configuring transparent proxy on Fedora v13 was checking with several examples, last one from here on router (cisco 1812) everything seems ok, think there is a problem with Linux

Squid machine and router 'see each other'

Code:

While try to open web page, on GRE there is:

Code:

But when want to see what hapenning in tunnel between router and squid - there nothing...squid configuration is ok - was checking before try to make it transparent.

View 2 Replies View Related

Networking :: Configuring Squid As Transparent Proxy In RHEL5?

Jun 11, 2009

Need a bit of help from the linux community. Lately, I have been trying to configure squid as transparent proxy on my server running on RHEL5. I had gone through few articles on web abt how to configure it and configured squid accordingly adding http_accel_xyz settings and then configuring the NAT using iptables. But while restarting squid there were warnings about "unrecognized: http_accel_..." in parseConfigFile.What I could get from these is that probably I need to recompile squid adding transparent proxy support. I downloaded the new squid 3.0 and tried to compile it.But unfortunately, the 'make' command fails giving library errors.I have been stuck with t now as the new squid does not compile and old one does not support the transparent mode.could compile the new one and what supporting libraries do I need to compile it successfully and also from where can

View 7 Replies View Related

Networking :: Use External Transparent Proxy For A Single Host?

Jul 24, 2010

what I am trying to do is use an external transparent proxy for only one of the hosts on my internal network. For example, for an internal host of 192.168.1.8, I want to send all internet requests for ANY port to a proxy server out in the internet at 238.34.232.7 / port: 8080. All other hosts would use the internet without using any proxy server. Is IPTables the way to set this up or is there an easier option?

View 3 Replies View Related

Networking :: Iptables - Set Up Ip Table And A Transparent Squid Proxy

Nov 10, 2010

I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.

eth1: 192.168.99.2 (Connect to eth1 of machine 2)
eth2: 192.168.98.2 (Connect to eth1 of machine 3)

machine 2 works as a webserver
eth1: 192.168.99.4
machine 3 works as a web client.
eth1: 192.168.98.4

my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.

View 7 Replies View Related

Networking :: Cant Finish My Transparent Squid 3.0 Proxy In Fedora 11

Dec 12, 2010

My skill in fedora linux is all acquired by reading online and trial and error. I manage to set up my squid 3.0 proxy server in fedora 11. It is working smoothly as I wanted it to be. I have one client who is running bittorrent that drags all the bandwidth of our network.The problem is I cant make my server work tranparently. I want to make transparent proxy so that it can support my wireless router and I want to control the bandwidth to a fair level for everyone without them knowing.

Please somebody help me configure iptables in step by step, specifically in fedora 11. And all other necessary configuration needed to run my transparent squid 3.0 proxy in fedora 11.I know there's a lot of Linux Genius here that can help. Please help me I needed it badly.

View 5 Replies View Related

Fedora Networking :: Squid Transparent Proxy - Not Working - Error ?

May 1, 2009

I am using Fedora Core 9.0 and Squid Cache: Version 3.0.STABLE2 .

Now i am trying to use the squid as a proxy server but its not working its giving error like this ...

While trying to retrieve the URL: /

The following error was encountered:

Invalid URL Some aspect of the requested URL is incorrect.

Possible problems:

Here is my squid.conf

While trying to retrieve the URL: /

I have also try to forward the traffic coming on 3128 to 80 but its not working:

View 6 Replies View Related

Ubuntu Networking :: Use External Transparent Proxy For A Single Host?

Jul 24, 2010

I have searched for this quite a bit but my lack of knowledge of IPTables makes me doubt whether I have found a solution or not. I have very light experience with IPTables as well.So I thought I'd ask here.Basically, what I am trying to do is use an external transparent proxy for only one of the hosts on my internal network. For example, for an internal host of 192.168.1.8, I want to send all internet requests for ANY port to a proxy server out in the internet at 238.34.232.7 / port: 8080. All other hosts would use the internet without using any proxy server.

View 1 Replies View Related

Networking :: Squid And IPTABLES - Transparent Proxy Doesn't Work

Jan 12, 2011

I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.

Code: # squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...

View 6 Replies View Related

CentOS 5 Networking :: OPEN Port In Squid Transparent Proxy

Jan 26, 2010

Here is my network diagram ADSL router----firewall--LAN inside the LAN my squid is running. currently all users are working with out proxy server. I installed the proxy server inside the LAN. now all users can access web browsing ,but no other ports are working , like POP3, smtp, then some other TCP port based applications are not working. My firewall ( juniper) is created and tested the rules to allow the POP3 and smtp and selected poprts which is working , but I redirected through squid proxy server the clients are not able to access. where do I have to create rules?

** in squid proxy( i already did in safe port list stillnot working)
** IP tables?

View 6 Replies View Related

Server :: Set Up Squid3 Proxy As A Transparent Proxy & Iptables Config

Feb 23, 2011

I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.

I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?

Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?

View 4 Replies View Related

Networking :: IPTables - Redirecting Web Traffic To Single Transparent Proxy Server

Mar 25, 2010

I am new to iptables. We have two Squid proxy servers running in "non-transparent mode" (172.16.0.1 and 172.16.0.2). Currently users have to configure the proxy server they want to use by configuring them in their browsers. Recently I saw an example for redirecting web traffic to a single transparent proxy server.

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128

Can anyone modify this rule to accommodate my current setup of two proxy servers running in non-transparent mode. i.e Redirect web traffic to the 172.16.0.1-172.16.0.2 ip range.

View 2 Replies View Related

Ubuntu :: Wget Error 405 - Method Not Allowed

Jul 26, 2010

I have executed the command
Code:
sudo wget -r -Nc -mk [URL]
(referring the site : [URL]) for downloading entire website using wget for offline viewing on Linux,

At the middle of download I have shutdown my laptop (downloading was not over) and when I started my laptop again. I have executed the same command to continue downloading but I have got the error :
Code:
test@test-laptop:/data/Applications/sites/googlejam$ sudo wget -r -Nc -mk [URL]
--2010-07-25 19:41:32-- [URL]
Resolving code.google.com... 209.85.227.100, 209.85.227.101, 209.85.227.102, ...
Connecting to code.google.com|209.85.227.100|:80... connected.
HTTP request sent, awaiting response... 405 Method Not Allowed
2010-07-25 19:41:33 ERROR 405: Method Not Allowed.
Converted 0 files in 0 seconds.
test@test-laptop:/data/Applications/sites/googlejam$

View 8 Replies View Related

Ubuntu Servers :: Webdav 405 Method Not Allowed?

May 6, 2011

Trying to setup WebDav on Ubuntu server. Stuck on the last few steps of the setup. Trying to test the setup with cadaver, but reach this error:

cadaver http://10.0.6.103/webdav
Could not access /webdav/ (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `10.0.6.103' closed.

[Code].....

View 2 Replies View Related

Networking :: Most Common Method To Route Network Traffic As A Router/proxy

Apr 22, 2011

I am using Debian 5 and I have some networking experience, however I want to learn to do this the best way possible. I have a Debian box with two nics and I want to connect that to a switch and use my Debian box as a router basically, as well as having a firewall setup within that too.

Should I use iptables to set up nat or the route command or what? I just want to know the group of tools to use in order to set up my network. Network diagram: Internet <------> Debian Box <----> switch <----> hosts I found some guides but they are for linux 2.4 and i'm not sure if they are right.

View 1 Replies View Related

Ubuntu Networking :: Proxy Settings: Allowed Hosts Instead Of Ignored Hosts

Aug 17, 2011

Well, as many proxy applications, GNOME Network Proxy Preferences only allow to ignore hosts. What I want to do is exactly the opposite. I only want to use the proxy for few sites. Is it possible to define only the allowed hosts in any way?

PS: I know FoxyProxy add-on for Firefox does this, but 1)I don't use Firefox and 2)I want the proxy settings system wide not only for browser.

View 9 Replies View Related

Ubuntu Security :: Only Allowed To Use One Port For Proxy?

Jun 5, 2010

I'm using a local proxy server VPN'd to another network.

How do I setup either Firestarter or Gufw/ufw to ONLY allow in/out from ONE port? (The one port the proxy uses)

Ex: Firefox is proxied to 127.0.0.1, all ports, and then the proxy picks it up, and sends out on port xxxx, and recieves on port xxxx, then sends back thru 127.0.0.1, back to Firefox.

Any setting/rules I've treid on either Firestarter or Gufw kills the proxy>VPN (Proxy won't connect to remote network)

Addendum: If I start the proxy FIRST, then the firewall, all is good. I'm thinking the proxy uses a port to connect with remote network first, then switches to my configured xxxx port...hmmm

View 1 Replies View Related

Red Hat / Fedora :: Transparent Proxy With Squid

Apr 7, 2009

I am trying to configure squid with Fedora 10 to use it as a transparent proxy webcache.Is there any good tutorial you would recommend to a novice?

View 1 Replies View Related

General :: Setting Up A Transparent Tor Proxy?

Apr 6, 2011

I have recently installed tor + vidalia + privoxy on my maverick system. What I was hoping to do was set up transparent routing through tor using the instructions here - [URL] But Ive had no luck with any of the examples given. When Vidalia tries to connect it stops at the point of generating a tor circuit and never gets any further.

View 1 Replies View Related

General :: Configure Transparent Proxy On Radhat 6.0?

Apr 21, 2011

how to configure transparent proxy radhad 6.0? I will show what i do

1. i configure on squid

acl lan srv 192.168.1.0/24
http_access allow lan
for port i use default
http_port 3128

2. i set rule on iptables

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

View 1 Replies View Related

General :: How To Make Squid Proxy Transparent?

Apr 26, 2011

How to make squid proxy transparent?I have configured a Squid proxy server with some ACLs but we have to check from client side whether those ACLs work or not ,I have to open their firefox and manually enter my machine's i.e. proxy server's ip, only after entering this ip , Those ACLs work properly.But now I want to make it work without manually entering the proxy on clients machine.I guess transparent proxy is the solution, but how to configure it/Please guide me and I am one of the machine in LAN.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved