Re: problem in configuring squid transparent proxy on FC3

That rule is in the NAT table; you can see it with:

       iptables -t nat -nvL

or, to see both the filter and nat tables together:

       iptables -nvL ; iptables -t nat -nvL

The output of the command "iptables -t nat -nvL" is attached to this
email in the squid.txt file. There are about 20 entries when I do
iptables -t nat -nvL. Is it normal to have this many entries? I have
only applied this rule to iptables:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128



I also think you need a subnet declaration for your squid ACLs, because
you are using "src" - see your conf file for more description on proper
declarations.

vi /etc/squid/squid.conf

       acl INTERNAL-NETWORK src 192.168.2.0/24
       http_access allow INTERNAL-NETWORK


I have corrected this mistake of mine. I have added the subnet
mask to the src acl (192.168.2.0/24).

Remember, your transparent proxy is a redirection of HTTP requests (port
80) to your proxy cache (port 3128). Squid then handles the request
transparently, the client doesn't realise the change in network packet
flow. To test this properly, you can either disable packet forwarding on
the FC3 box, or set your iptables forward policy to drop everything.

       iptables -P FORWARD DROP

IP forwarding is already disabled on the system:

sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1

But I am still not able to browse from the 192.168.2.0 domain. I have
a machine whose IP address is 192.168.2.88, and the gateway of this
machine is 192.168.2.126 (eth1 on FC3).

I can ping from 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to
192.168.2.88, but from 192.168.2.88 I am not able to browse the
internet.

Any pointers on what the problem could be?

Thanks & Regards

Ankush Grover

iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 
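
Added example, not part of the original message: a small shell/awk helper that condenses a listing like the attached one into one line per distinct REDIRECT rule, showing how many copies repeated `-A` appends have left behind, whether any copy has ever matched a packet, and whether the in-interface is one that is expected (compare the `ethi` entry). The function names and the shortened sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a shortened PREROUTING listing in `iptables -t nat -nvL` format.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
EOF
}

# summarize_redirects IFACE...  (hypothetical helper)
# Reads a nat-table listing on stdin and prints one line per distinct REDIRECT
# rule: how many copies exist, whether any copy ever matched a packet, and
# whether its in-interface is among the interface names given as arguments.
summarize_redirects() {
    awk -v ifaces="$*" '
        BEGIN { m = split(ifaces, a, " "); for (i = 1; i <= m; i++) known[a[i]] = 1 }
        # Rule lines start with a packet counter (possibly with a K/M/G suffix).
        $1 ~ /^[0-9]+[KMG]?$/ && $3 == "REDIRECT" {
            key = $6 " " $8 " " $9            # in-interface, source, destination
            for (i = 10; i <= NF; i++) key = key " " $i   # match and target options
            if (!(key in copies)) order[++n] = key
            copies[key]++
            if ($1 != "0") hit[key] = 1
            iface[key] = $6
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                status = (k in hit) ? "matched" : "never matched"
                ifnote = (iface[k] in known) ? "iface ok" : "unknown iface"
                printf "copies=%d | %s | %s | %s\n", copies[k], status, ifnote, k
            }
        }
    '
}

# On a live box: iptables -t nat -nvL PREROUTING | summarize_redirects $(ls /sys/class/net)
sample_nat_listing | summarize_redirects eth0 eth1
```

A rule reported as "never matched" in every copy means no port-80 traffic has reached that PREROUTING rule since the counters were last reset.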