transparent mode squid on centos 9 with iptables (part 2)

Hi guys.


Could you please send a tutorial or any good guidance on implementing Squid in transparent mode on CentOS 9 with iptables?

I have configured squid.conf with these parameters:



ens192: 172.31.168.28, internet interface

ens224: 192.168.1.10, LAN interface (private network)


# My ACLs #
acl mi_red src 192.168.1.0/24
acl cliente_linux src 192.168.1.20
acl cliente_windows src 192.168.1.30
acl sitios1 url_regex "/etc/squid/listas/sitios1"
acl sitios2 url_regex "/etc/squid/listas/sitios2"

# Squid normally listens to port 3128
http_port 3128
http_port 8080 transparent


I want the “deny all” rule to get applied, to test the client using the proxy.


My iptables is configured as follows:


#!/bin/bash

## NAT server configuration ##

sysctl -w net.ipv4.ip_forward=1
sysctl -p
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE




#!/bin/bash

## proxy server configuration ##

### Accepting traffic for the ports: 3128 and 8080 ##

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 3128 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3128 -j DROP

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8080 -j DROP

### Masquerading outbound traffic and redirecting LAN ports 80 and 443 to port 8080 ##

iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 8080




But I got this error:


1668381894.746      0 192.168.1.20 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
1668381967.800      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.805      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.809      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.814      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.818      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.823      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.827      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.832      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.836      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.841      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html


Could you please help me to solve this? I am completely new to using Squid and to Linux.


I was following these sources:


https://www.xmodulo.com/squid-transparent-web-proxy-centos-rhel.html 

https://www.maravento.com/2015/06/no-forward-proxy-ports-configured.html 

https://www.xmodulo.com/internet-connection-sharing-iptables-linux.html 


You can find the logs of Squid 5.5 here: squid logs

I configured the Linux client with the IP 192.168.1.20/24; the gateway is the Linux server, 192.168.1.10, and the DNS servers are 192.168.1.10 and others of my ISP.

Lola Lo holitafarolito@xxxxxxxxx (sent by marseaplage@xxxxxxxxx)

Sun, Nov 13, 8:52 PM (3 days ago)
to squid-users
Thank you in advance for your help

---------- Forwarded message ---------
From: Lola Lo <holitafarolito@xxxxxxxxx>
Date: Sun, Nov 13, 2022 at 7:32 PM
Subject: transparent mode squid on centos 9 with iptables
To: <squid-users@xxxxxxxxxxxxxxxxxxxxx>



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
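
Added example, not part of the original message or of Squid itself: a small Python triage script for access.log records like the ones quoted in the post. It parses Squid's native log format and reports, per client, the records where Squid logged `error:<reason>` in place of a URL; the function names, the burst window and threshold, and the last sample record are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# First four records are copied from the message; the last one is constructed.
SAMPLE_LOG = """\
1668381894.746      0 192.168.1.20 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
1668381967.800      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.805      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.809      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668382001.120    142 192.168.1.30 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/203.0.113.7 text/html
"""

# Fields: time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[^/\s]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def parse_line(line):
    """Return one record as a dict, or None if the line is not in native format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"], rec["status"] = float(rec["ts"]), int(rec["status"])
    # When no request could be parsed, the URL field holds "error:<reason>".
    rec["error"] = rec["url"][len("error:"):] if rec["url"].startswith("error:") else None
    return rec

def summarize_errors(text):
    """Map each client to {error reason: count} for records without a parsed request."""
    counts = defaultdict(Counter)
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["error"]:
            counts[rec["client"]][rec["error"]] += 1
    return {client: dict(c) for client, c in counts.items()}

def burst_clients(text, reason="invalid-request", window=1.0, threshold=3):
    """Clients with at least `threshold` such errors inside `window` seconds."""
    times = defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["error"] == reason:
            times[rec["client"]].append(rec["ts"])
    return sorted(c for c, ts in times.items()
                  if any(b - a <= window
                         for a, b in zip(sorted(ts), sorted(ts)[threshold - 1:])))
```

Calling `summarize_errors()` and `burst_clients()` on the text of a real access.log shows which LAN clients are sending bytes to the proxy port that Squid cannot parse as an HTTP request.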
