  1. #1
    Just Joined!
    Join Date
    Aug 2006
    Location
    Cape Town, South Africa
    Posts
    10

    Iptables and squid


    Hi guys,

    I have set up a SuSE 10.1 linux box between my network switch and my ADSL router, and I want it to act as a proxy. So far, I've got Squid working fine - no complaints there.

    However, my network PCs cannot send/receive emails if they use the linux box as a gateway. Logic tells me this is because the linux box is actively refusing connections from/to those ports. I don't need a firewall on linux at the moment, so I don't mind opening everything (even if it is just for now, so I can set everything up without worrying about access violations).

    So, I've got the following idea. Please comment:

    IN /etc/init.d/boot.local, ADD:

    Code:
    /fwscripts/fwinit.sh

    IN /fwscripts/fwinit.sh, TYPE:

    Code:
    iptables --flush
    
    iptables -P INPUT ACCEPT
    iptables -A INPUT -j ACCEPT
    
    iptables -P OUTPUT ACCEPT
    iptables -A OUTPUT -j ACCEPT
    
    iptables -P FORWARD ACCEPT
    iptables -A FORWARD -j ACCEPT

    Is this correct? And if it is, will it allow my network PCs to send/receive emails, etc?

    My second question is this: in order to make a transparent proxy, is this the correct iptables line to use:

    Code:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    And, is this correct for squid.conf:

    Code:
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    Your input/comments/help/etc. on these 2 questions would be much appreciated. I know very little about iptables, and I am busy going through the man pages... yet they just give me an overall picture, and I need an actual example to actually get the hang of it.

  2. #2
    Just Joined! silence's Avatar
    Join Date
    Aug 2006
    Location
    South Africa
    Posts
    16
    I dunno if this will help, but this was my question

    About the other question... I have no idea, but I am testing it anyway.
    Cheers

  3. #3
    Just Joined!
    Join Date
    Sep 2005
    Location
    New Delhi
    Posts
    22
    Quote Originally Posted by Aeros
    My second question is this: in order to make a transparent proxy, is this the correct iptables line to use:

    Code:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    And, is this correct for squid.conf:

    Code:
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    Yes, the above configuration is all that you require. But make sure that you have the cache_effective_user and cache_effective_group directives fixed properly, corresponding to some existing users in the Unix passwd database on the local box.

    --

    Quote Originally Posted by Aeros
    However, my network PCs cannot send/receive emails if they use the linux box as a gateway. Logic tells me this is because the linux box is actively refusing connections from/to those ports.

    Why don't you open the required ports with the firewall? BTW, which email system are you using?
    ___________________
    Iptables port forwarding - Nating: http://amitsharma.linuxbloggers.com/portforwarding.htm
    RSYNC server: http://amitsharma.linuxbloggers.com/how_to_rsync.htm
    FIND command: http://amitsharma.linuxbloggers.com/how_to_find.htm
    SAMBA basics & PDC rollout : http://amitsharma.linuxbloggers.com/how_to_samba.htm

  5. #4
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    When you want to send and receive emails you usually use pop and smtp, which can't be routed through a proxy. You have to open the pop (110) and smtp (25) ports on your router for your clients.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

  6. #5
    Just Joined! pcrack's Avatar
    Join Date
    May 2006
    Location
    Philippines
    Posts
    23

    gateway

    I agree with framp. OK, let's do this step by step. You set up a Linux box as a proxy; I don't see any problems with that, but if you will use it as a gateway too, then you will have to reconfigure your Linux iptables to be a gateway and do a transparent proxy. I guess you already did the iptables script for the transparent proxy, so I guess you should double-check and reconfigure your Linux box to be a gateway. Once this is done you can do a lot with the box: you can do transparent SMTP, POP3 acceleration, etc.
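
The gateway role discussed in the replies above, as an added example that is not part of any post in the thread: `gateway_rules` prints a rule set that keeps the transparent redirect to Squid and forwards only SMTP/POP3 (plus DNS) instead of accepting everything, and `audit_rules` flags accept-everything lines like those in the first post's script. The `eth1` interface name, the SSH and DNS rules, and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth1 as the
# router-facing interface, SSH (22) for admin access, DNS (53) forwarded.

# Print the iptables commands for a gateway that redirects LAN web traffic
# to Squid and forwards only mail and DNS. Nothing is executed here.
gateway_rules() {
    lan_if=${1:-eth0}        # LAN-facing interface, as in the thread
    wan_if=${2:-eth1}        # router-facing interface (assumed)
    squid_port=${3:-3128}    # Squid port from the thread
    mail_ports=${4:-25,110}  # SMTP and POP3, as named in the thread
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan_if -p tcp -m multiport --dports 22,$squid_port -j ACCEPT
iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-port $squid_port
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports $mail_ports -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

# Read iptables commands on stdin and report accept-everything rules of the
# kind in the first post. Returns 1 if any are found.
audit_rules() {
    awk '
        /-P (INPUT|FORWARD) ACCEPT/           { print "open policy:  " $0; bad++ }
        /-A (INPUT|FORWARD) -j ACCEPT[ \t]*$/ { print "blanket rule: " $0; bad++ }
        END { exit (bad ? 1 : 0) }
    '
}

# Review first, then apply as root:  gateway_rules eth0 eth1 | sh
```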
