Find the answer to your Linux question:
Results 1 to 5 of 5
hi all i am running the squid transparent proxy and it is workig well my problem is that how can i restruct user on this proxy i created the list ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Posts
    35

    problem in squid


    hi all
    i am running the squid transparent proxy and it is workig well
    my problem is that how can i restruct user on this proxy

    i created the list of user in acl and it is working well when user have proxy setting
    a user who have the gateway and dns can easiy bypass this acl and interesting thing is that
    i can watch its ip on the access.log
    plz replu me on this address mmohsinalvi@yahoo.com

  2. #2
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Hi,

    if you run it as "transparent" proxy, it sounds more like you have an issue on your fw/defaul router if the user can bypass this proxy.
    As a transparent proxy you should redirect all concering http/ftp traffic through the proxy without the users knowledge or configuration.

    My suggestion for you is to do a typical configuration on you fw as:

    [client host] -- HTTP:80 --> FW --> Squid --> [Webserver]
    [client host] -- HTTP:8080 --> FW --> Squid --> [Webserver]
    [client host] -- FTP:21 --> FW --> Squid --> [Webserver]
    [client host] -- TCPx --> FW --> [Server]

  3. #3
    Just Joined!
    Join Date
    Feb 2005
    Posts
    35
    i can't understand what u want to say ?
    i have done these entires

    echo '1' > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -t nat -A POSTROUTING -p all -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0 -j MASQUERADE
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    and at squid.conf i created the list of users (in acl ) that i don't want to use the internet
    now i rejected the 192.168.0.3 user in this acl list but
    192.168.0.3 bypass squid if he enter the dns and gateway
    and also tell me why dns is needed at client site in case of transparent proxy

  4. #4
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    In transparency Proxy DNS is needed due to the fact that the client does not know anything about teh proxy. That is for the Client IP.

    When you say that the user enters its gateway by it self, does that mean that your box here is not the filtering/end-firewall of yor network?
    I mean does you have yet another way to get going to the Internet?
    If so, then you have to re-consider your configuration yet again. Because if you really wish the user to be passed though your proxy, the firewall (i.e. this same Linux box now), have to be the end-point as for your users at your internal network. Otherwise, there will allways be users that knows how to bypass the security system

  5. #5
    Just Joined!
    Join Date
    Feb 2005
    Posts
    35
    i have two examples


    1st ==== eth0 for internal network and dial up ppp0 for internet both are on the same machine
    2nd====== eth1 for internal network and eth0 for dsl router for internet . same on one machine

    another related question is suppose i want to use only squid (no transparent) now i have problem that no
    paltalk, yahoo voice chat and webbased sms
    services available for that proxy . how can i enable these (forwarding ?)
    i don't want transparent proxy because i read from some sites that transpartent proxy can the reason to slow down the internet trafic

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •