Server :: Set Up Squid3 Proxy As A Transparent Proxy & Iptables Config
Feb 23, 2011
I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.
I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?
Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?
View 4 Replies
ADVERTISEMENT
Mar 25, 2010
I am new to iptables. We have two Squid proxy servers running in "non-transparent mode" (172.16.0.1 and 172.16.0.2). Currently users have to configure the proxy server they want to use by configuring them in their browsers. Recently I saw an example for redirecting web traffic to a single transparent proxy server.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
Can anyone modify this rule to accommodate my current setup of two proxy servers running in non-transparent mode. i.e Redirect web traffic to the 172.16.0.1-172.16.0.2 ip range.
View 2 Replies
View Related
Aug 23, 2010
I just finished setup a proxy machine that runs in a separate box from gw.
I have the following iptables rule
on squid box
Code:
Code:
Here's an example
Code:
My question is how can i modify the iptables rules so it will forward the real ip's where the requests are originated from.
View 1 Replies
View Related
Mar 11, 2010
I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)
eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1
I have problem with hanging connections through squid which are very slow or connection failed. Sometimes i received DNS timeout error from squid stable 2.6 21
[Code]...
View 1 Replies
View Related
Nov 10, 2010
I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.
eth1: 192.168.99.2 (Connect to eth1 of machine 2)
eth2: 192.168.98.2 (Connect to eth1 of machine 3)
machine 2 works as a webserver
eth1: 192.168.99.4
machine 3 works as a web client.
eth1: 192.168.98.4
my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.
View 7 Replies
View Related
Jan 12, 2011
I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.
Code: # squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...
View 6 Replies
View Related
May 13, 2010
I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.
The linux box has the following ips:
eth0 (internal) 192.168.1.5
eth1 (external) 192.168.0.7
Windows server 2003:
192.168.1.6
Windows XP:
192.168.1.9
Router:
192.168.0.1
The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?
The commands that I think I'm gonna use look like this:
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT
Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.
View 9 Replies
View Related
Jun 30, 2010
I am trying to install Squid 2.6 as Transparent proxy server.Can anyone provide the step by step configuration details
View 8 Replies
View Related
Oct 16, 2010
I have installed and tried both squid version as transparent proxy but they just don't work.
I have eth0 which is where my internet comes in and eth1 which is my local network 192.168.1.0/255.255.255.0.
My default firewall policy is to drop input output and forward, i have already set my firewall to accept and workout the squid and it is working.
Here is the relevant rules i have on my firewall:
Code:
Here is the sample conf i am using for squid:
Code:
Always_direct allow all When using version 2.7.x i was able to make it transparent when i used the below rules:
Code:
I readed the Docs on the squid page but the above rules can't be reproduced to 3.1 and i don't wish to use such rules to make it transparent or hidden so i want some help to figure out why it inst transparent.
View 2 Replies
View Related
Jun 3, 2009
I am using Fedora 9, I have compile the squid with source code, i also deleted the old RPM of squid. i then edited the squid.conf in /usr/local/squid/etc and set http_port 3128 transparent and allowed in my acl to my local network but the transparent proxy is not working. if i remove transparent proxy then squid works fine. when i try to make it transparent the squid access.log file does not show any request coming to it (no activity). i have also forwarded all the incoming traffic to squid port 3128. Can anybody tell me why my transparent proxy is not functional.
View 3 Replies
View Related
Sep 16, 2010
I can very well configure squid transparent proxy on gateway server.But i want the squid transparent proxy on non-gateway system as i already have hardware firewall installed.i.e i want to redirect all the traffic coming through my gateway (hardware firewall) 192.168.200.1 to my squid server 192.168.200.3 on port 3128.How it is possible? Without transparent proxy by directly giving proxy ip in browser i can access internet but how to do it in transparent mode?
View 8 Replies
View Related
Jul 3, 2009
how to configure transparent proxy in squid-3.0-staple16? I install it with source code
View 1 Replies
View Related
Jun 11, 2009
can anyone give me the solution how to configure dansguardian on squid transparent proxy.i m using
linux - slackware
squid - squid-2.6-stable18
dansguardian - 2.10.1.1
squid transparent proxy is working properly.
View 2 Replies
View Related
May 19, 2010
I'm using a Debian box as a gateway. I'm planning on bridging my DLink 604T modem/router so that traffic on the LAN goes to my gateway (which only has one NIC). The Debian box is running a PPPoe application which I'm hoping to log into the ISP through the DLink. I plan to configure the box as a squid transparent proxy. Most Howtos I've seen use NAT with 2 NICs, eth0 for the LAN and eth1 for the Internet. Any step-through to set up NAT for this?
View 4 Replies
View Related
Dec 22, 2010
I want to make a transparent squid proxy server in centos. The squid proxy version is 2.6 stable. I made a normal squid server but want to make it transparent so that users do not need to enter the proxy settings in web browser. Even i searched about this on google but not getting it properly.I have two lan cards on centos system. ETH1 used for LAN and ETH2 used for WAN. And in this squid.conf i written "http_port 172.16.31.1:3128 transparent" and i also added a rule in iptables which is "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128" but still i have to enter proxy settings at client's web browser to use internet
View 4 Replies
View Related
May 4, 2010
I'd like to use ssh as a proxy/socks server and redirect all connections through this proxy.
It would look like : ssh -D 123 -N host
iptables ...
I've never used iptables before and I did not manage to find any useful for this particular case solutions on the internet.
So, what's the good way to do that ?
View 1 Replies
View Related
Dec 9, 2010
Currently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;
[code]....
View 2 Replies
View Related
Jul 13, 2011
In my company have proxy server using Linux.
Ip Address Proxy Server 1 is: 123.16.201.23
Ip Address Proxy Server 2 is: 123.16.201.24
Every Client: 123.16.3.25,....
and 123.16.4.25,.....
....
- I want export config file on Proxy Server, but i don't know command and i see interface is command line. So hepl me command line and send file to my email.
- In config file on Proxy Server may be disconnect internet for user and Enable coonect internet for user. Hepl me do this?
- I using Ubuntu 10.04LST i want connect file Server on Server ( using WinServer2003).
I just go to company so i have everything don't know system.
View 2 Replies
View Related
May 20, 2009
I'm using Fedora Core5.0 I have using Iptables for forward port 80 to port 3128(Squid) in the same of server.I need to forward using Iptables to use the other proxy server because this server i am use for vpn and mail tranfer.What a Commnand for i use?ase 1. Server 1 >Ip 192.168.0.4 SQUID WITH PORT(3128)2. Server 2 IP 192.168.0.254 PF SENSE (3128) I will use server 2 for using internet connect only.
View 1 Replies
View Related
Jun 14, 2010
i have the following ip assignments
fedora (iptables)
eth0 -private :192.168.1.1
eth1 -public : 186.117.50.6
squid proxy
192.168.1.10:3128
my clients range
192.168.2.0/24
how can i make my clients to browse internet only from proxy server my network is NAT 'ed. Please specify a iptable rule to allow internet access for my clients to browse ONLY if they come through proxy server.
View 1 Replies
View Related
Feb 21, 2011
trying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu. If i configure firefox to use it, it runs ok. I had seen a lot of iptables rules to use fowarding proxy to a lan, but i would like to use squid and dansguardin in a single pc that run them and filter web content.
View 5 Replies
View Related
Apr 7, 2009
I am trying to configure squid with Fedora 10 to use it as a transparent proxy webcache.Is there any good tutorial you would recommend to a novice?
View 1 Replies
View Related
Jul 30, 2010
I have a problem in Eclipse for accessing update sites (for plugins). I am behind a NTLM proxy. Strangely, this proxy asks for a password while in Linux but not when in Windows�
To get around this annoying password issue, I already setup a working cntlmd proxy. I can use this proxy for mounting a remote DavFS2 share, for example. But the issue I have with Eclipse seems to involve proxy configuration. So I decided a transparent proxy could solve this issue. I installed tinyproxy on top of cntlmd, and added the following rule to the firewall:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 8888
Now, I can configure Firefox for direct access to the Internet, and display a web site only if I give this web site's IP instead of its name! I surmise that it's because when configured for direct access, Firefox performs DNS lookups using the local (intranet) DNS, instead of squeezing its lookups through the proxy and accessing a broader DNS (I wonder which). How can I make all DNS lookups go transparently through the transparent proxy?
View 1 Replies
View Related
Mar 23, 2010
I am playing around with transparent proxies, unfortunately I do not have two machines to test it out with. The current way I am doing things is the program makes a request to a computer on port 80, I use
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that is listening on port 1234. The proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy and if it sent out to port 80 it would just be a infinite loop) so I want to do something like
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80
The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip?
View 1 Replies
View Related
Feb 9, 2010
I'm trying to setup a linux box with 3 NICs (2 WAN links and 1 LAN). All http traffic (port 80) should go to WAN 1 via squid proxy and the rest to WAN 2. I already setup MASQUERADING in iptables and I already configured port 80 to redirect to port 3128 for squid. My default gateway is WAN 2. But the problem is squid uses the default gateway - WAN2. setting up the iptables / routing for squid to use WAN 1?
View 7 Replies
View Related
Apr 6, 2011
I have recently installed tor + vidalia + privoxy on my maverick system. What I was hoping to do was set up transparent routing through tor using the instructions here - [URL] But Ive had no luck with any of the examples given. When Vidalia tries to connect it stops at the point of generating a tor circuit and never gets any further.
View 1 Replies
View Related
Apr 3, 2010
I've setup Squid3 running on Ubuntu 9.04 64-bit server, and configured it to act as a transparent proxy and setup my router following these instructions: [URL]
Everything works great as far as browsing, but my main goal was to cache large downloads (usually executables) that I download frequently. So I set the minimum to 300KB and the max to 100MB. The problem, though, is the cache is not being used. I can download a file at regular speed on one computer, and then try and download it again and it downloads from the internet again, rather than the cache, so the speed is no faster.
Here's my config file:
Code:
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
[Code].....
View 1 Replies
View Related
Sep 28, 2009
I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via a authenticated proxy. At home, I connect directly to via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.
View 2 Replies
View Related
May 6, 2011
I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card.Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client pc.I want to set up the Squid to run as a transparent proxy and after reading around I have done the following.In the Squid3 conf file I have entered http_port 3148 transparent.Dropping to Root ( sudo -i )However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.
View 5 Replies
View Related
Nov 26, 2009
I'm looking to setup a transparent proxy, which (if I understand correctly) will allow me to monitor/control http traffic on my home lan with the use a log analyser.I'm planning on following this guide Yes... I'm cheap and don't wanna buy another NIC.My question: How does this all work? I get that http traffic goes to my server first, and then to the destination address, but how? What is stopping the other computers on my network from going straight to my router?Is my interpretation of a transparent proxy correct?
View 3 Replies
View Related