Thank you. I will follow your instructions.

Amaury.

On 15/12/15 19:03, Amaury Viera Hernández wrote:
Hello everyone.

This is a more detailed explanation about my trouble:

I have two network cards:

a shared Wifi card (wlp2s0): 10.42.0.1
a network card with access to my LAN (enp4s0): 10.8.77.1

In short, I am looking for a simple way to do the following (please give code samples if possible):

Set up and start a transparent proxy server on my computer (wifi card, say that squid will listen at 10.42.0.1:3128) that can capture all web requests from my phone. Once the http request from the phone comes to this proxy, it will forward it to the university proxy (say the address is 10.0.0.1:8080 with user and password authentication).

Note: It is possible that one of the authentication methods of my proxy server will be ntlm.

Now, more details to fully explain my situation:

In my university, authentication is needed to pass through a proxy so that we can connect to the internet. I normally enter my active directory username/password to authenticate when the pop-up appears in the web browser.

Now, I want to connect my phone to my shared wifi (10.42.0.1) and, using the network card with access to the LAN (10.8.77.1), forward the http requests of my phone to the proxy server in the university (10.0.0.1:8080 with user and password authentication), because some applications on my phone require a direct connection, without proxy and without proxy authentication.

So, I am planning to set up a transparent proxy on my laptop to catch all requests from my phone.
Of course, I don't need to use the proxy for local domains (uci.cu in this case).

I'm using ubuntu 15.10 with squid3 (3.3.8).

I have this configuration in squid.conf (this is very functional for local domains, without proxy authentication, for example intranet.uci.cu, but for internet domains I need to authenticate (cache_peer my proxy with the proxy of my university)):

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localdst dstdomain
acl mi_red src 10.42.0.0/24
http_access allow mi_red
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 10.42.0.1:3128 transparent
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
cache_mem 512 MB
cache_dir ufs /var/spool/squid3 2048 16 256
cache_effective_user proxy
cache_effective_group proxy
half_closed_clients off
maximum_object_size 1024 KB
cache_swap_low 90
cache_swap_high 95
memory_pools off
error_directory /usr/share/squid3/errors/es/
access_log /var/log/squid3/access.log squid
cache_peer 10.0.0.1 parent 8080 0 no-query default no-digest login=avhernandez:MyPass
never_direct allow all

I'm using this firewall script:

#!/bin/sh
# IP of the SQUID server
SQUID_SERVER="10.42.0.1"
# Interface connected to the Internet
INTERNET="enp4s0"
# Internal interface
LAN_IN="wlp2s0"
# Squid port
SQUID_PORT="3128"

# Flush the previous rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load the IPTABLES modules for NAT and IP with conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set up the server as a router for the network
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# Unlimited access to the LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# Redirect requests from the internal network to the proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# Redirect incoming traffic to the proxy
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

Best regards.
Amaury.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
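An added example, not part of the original message or of Squid itself: a small Python check run over the access rules and peer line of the squid.conf posted above. Squid evaluates http_access lines in order and stops at the first match, so an allow placed ahead of the "deny !Safe_ports" and "deny CONNECT !SSL_ports" lines is decided before those guards are consulted; the check also reports a cache_peer line that carries an inline login=user:password. The function name audit and the finding names are hypothetical.

```python
import re

# Constructed sample: access rules and peer line as in the posted squid.conf.
SAMPLE_CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl mi_red src 10.42.0.0/24
http_access allow mi_red
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
cache_peer 10.0.0.1 parent 8080 0 no-query default no-digest login=avhernandez:MyPass
"""

# The two guard rules that allow rules are normally expected to come after.
GUARDS = {("!Safe_ports",), ("CONNECT", "!SSL_ports")}

def audit(conf_text):
    """Return (line_no, kind, detail) findings for a squid.conf string."""
    findings, allows = [], []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "http_access" and len(tok) >= 3:
            action, acls = tok[1], tuple(tok[2:])
            if action == "allow":
                allows.append((n, " ".join(acls)))
            elif action == "deny" and acls in GUARDS:
                guard = " ".join(acls)
                # First match wins: every earlier allow is decided before this guard.
                for ln, name in allows:
                    findings.append((ln, "allow-before-guard",
                                     f"'allow {name}' precedes 'deny {guard}' (line {n})"))
        elif tok[0] == "cache_peer":
            for opt in tok[1:]:
                m = re.fullmatch(r"login=([^:]+):.+", opt)
                if m and m.group(1) != "NEGOTIATE":
                    # Report the user only; never echo the secret itself.
                    findings.append((n, "inline-peer-credential",
                                     f"login={m.group(1)}:<redacted> stored in config"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding)
```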