On 12/11/10 20:36, Arturas Kurlavicius wrote:
Thanks for the reply.
On Fri, Nov 12, 2010 at 9:15 AM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote:
On 12/11/10 19:54, Arturas Kurlavicius wrote:
Hello
First, I want to say sorry for my bad English :(
Here is my situation:
I work in a huge government network. My network uses a proxy to access
the internet. It's a shame that the proxy is not transparent... so I must
type the settings into every PC every time. That's annoying, so I want to
change the situation.
I made a somewhat stupid gateway PC (Debian) with a single network adapter.
I messed a bit with iptables, and a simple gateway is working.
Network config:
[CODE]
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 10.0.8.226
netmask 255.255.255.0
gateway 10.0.8.1
[/CODE]
iptables Config:
[CODE]
###Flush iptables configurations
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
###Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
###Enable ip masquerading
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[/CODE]
And all seems to be working... I can browse sites (with proxy settings).
So now I want to use that gateway to make the proxy transparent, so I'm
trying to forward port 80 to the proxy.
Config:
[CODE]
###Flush iptables configurations
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
###Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
###Enable ip masquerading
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
###Trying to forward port 80
iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 212.59.6.119:80
[/CODE]
Use an uncommon randomly picked --to-destination port here to avoid the
security problems introduced by NAT. It is only used between this firewall
and Squid, so can be firewalled in the "mangle" table to prevent external
machines sending traffic directly there.
Well, it seems forwarding is working... but when I try to get a page (for
example www.inuxforums.org)... I get an error from the proxy:
[CODE]
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: /
The following error was encountered:
* Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
* Missing or incorrect access protocol (should be `http://'' or similar)
* Missing hostname
* Illegal double-escape in the URL-Path
* Illegal character in hostname; underscores are not allowed
--------------------------------------------------------------------------------
Generated Thu, 11 Nov 2010 11:02:48 GMT by duke.cust.lt
(squid/3.0.STABLE25)
[/CODE]
But if I put the proxy settings in the browser (212.59.6.119:80), everything
works fine again.
So I want advice on what I'm doing wrong.
You need to create an http_port for the NAT traffic to enter Squid. It
needs IP:port details identical to the firewall --to-destination.
In 3.0 and older Squid it has the flag "transparent" that tells Squid how
to find and replace the missing hostname.
So... you are saying I need to change the Squid configuration... Well, that
is not possible for me. I'm only a user.
Oh, okay, you said you assembled a gateway box. You can run your own
Squid on there as part of the gateway software. You have control over
that config and can set up the NAT interception bits there.
It passes requests on to the network parent machine as proper HTTP.
Though if you are "only a user" be aware that the next step to getting
it working is to update the network routing structure to pass traffic
through the gateway box.
Try hard, very hard to talk with the administrator of the network you
work in about this netbook problem. They can help.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
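
The "Invalid URL" error for "/" and the hostname replacement that the "transparent" flag is described as doing, shown as an added example that is not part of the original messages and is not Squid's code. It is a simplified model; the function names, the sample requests and the host www.example.org are constructed for illustration, and IPv6 literal hosts are out of scope.

```python
import re

# Hostname labels: letters, digits, hyphens. Underscores are rejected,
# matching the "underscores are not allowed" line in the error page above.
_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
_HOST_RE = re.compile(r"^(?=.{1,253}$)" + _LABEL + r"(\." + _LABEL + r")*$")


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def forward_proxy_accepts(target: str) -> bool:
    """A plain forward-proxy port needs an absolute URL in the request line."""
    return re.match(r"^[a-z][a-z0-9+.-]*://[^/]+", target, re.I) is not None


def rebuild_for_parent(raw: bytes) -> str:
    """Model of the interception step: rebuild the absolute URL from Host."""
    method, target, version, headers = parse_request(raw)
    if forward_proxy_accepts(target):
        return f"{method} {target} {version}"  # already proxy-style
    host, _, port = headers.get("host", "").partition(":")
    if not _HOST_RE.match(host) or (port and not port.isdigit()):
        raise ValueError("Invalid URL: missing or illegal hostname")
    authority = host if port in ("", "80") else f"{host}:{port}"
    return f"{method} http://{authority}{target} {version}"


# Constructed sample: what a browser without proxy settings sends to port 80.
INTERCEPTED = b"GET / HTTP/1.1\r\nHost: www.example.org\r\nAccept: */*\r\n\r\n"
# Constructed sample: what the same browser sends when a proxy is configured.
CONFIGURED = b"GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\n\r\n"

if __name__ == "__main__":
    for raw in (INTERCEPTED, CONFIGURED):
        target = parse_request(raw)[1]
        print(repr(target), "accepted as-is:", forward_proxy_accepts(target))
    print(rebuild_for_parent(INTERCEPTED))
```

The Host header is supplied by the client, so the model validates it before building the URL that would be passed on to the parent proxy.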