  1. #1
    Just Joined!
    Join Date
    Mar 2008
    Posts
    70

    Transparent Squid


    I have CentOS 5 and I'm using Squid 2.6. I want to make it a transparent proxy. What should I do so that I will not give proxy settings in browsers at all network PCs?

    I have defined one option (http_port 8080 transparent)... Is this setting enough, or do I have to configure more options to make Squid transparent?

  2. #2
    Just Joined! megerdin's Avatar
    Join Date
    Jul 2007
    Location
    Sylhet,Bangladesh
    Posts
    78
    You need to redirect all traffic from the HTTP port to the Squid box.

    Add this to your firewall table:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    where eth1 is your internal LAN.

    Let us know what you are doing.

  3. #3
    Just Joined!
    Join Date
    Mar 2008
    Posts
    70
    Is it necessary to use iptables if I want to make Squid transparent? Because at this time I don't have iptables installed.

  4. #4
    Just Joined! megerdin's Avatar
    Join Date
    Jul 2007
    Location
    Sylhet,Bangladesh
    Posts
    78
    It's necessary because your traffic may bypass your proxy server. It's secured best.
    But if you think it's very bothering, you can ignore iptables.

  5. #5
    Just Joined!
    Join Date
    Mar 2008
    Posts
    70
    I put your script in /etc/rc.local:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

    But I also have a problem:

    My users are using a Windows 2000 Server as a DNS server.
    I made an ACL and allowed all users and the Windows 2000 Server machine, and gave the Windows 2000 Server as the DNS server on the users' machines.
    When I try to resolve a DNS name from the Windows 2000 Server, it is unable to resolve any name.

    /var/log/squid/access.log
    1210706763.212 1 192.168.0.246 TCP_DENIED/403 1378 GET Live Search - NONE/- text/html
    1210706763.240 27 192.168.0.246 TCP_DENIED/403 1428 GET http://us.yimg.com/i/tb/icons//#PERSONAL_ICON - NONE/- text/html
    1210706763.629 0 192.168.0.246 TCP_DENIED/403 1414 GET http://85.255.118.26/ppc/config.phpchk - NONE/- text/html
    1210706763.938 0 192.168.0.246 TCP_DENIED/403 1436 GET http://us.update.toolbar.yahoo.com/slv/v4/2.html? - NONE/- text/html
    1210706763.987 9 192.168.0.246 TCP_DENIED/403 1404 GET http://www.google.com/bookmarks/? - NONE/- text/html
    1210706764.366 0 192.168.0.246 TCP_DENIED/403 1414 GET http://85.255.118.27/ppc/config.phpchk - NONE/- text/html
    1210706764.419 1 192.168.0.246 TCP_DENIED/403 1394 GET http://mail.google.com/mail? - NONE/- text/html
    1210706764.679 0 192.168.0.246 TCP_DENIED/403 1410 GET http://irprops.com/ppc/config.phpchk - NONE/- text/html
    1210706765.158 0 192.168.0.246 TCP_DENIED/403 1408 GET http://ipxwan.com/ppc/config.phpchk - NONE/- text/html
    1210706951.634 1956 192.168.0.246 TCP_MISS/200 20062 GET Live Search - DIRECT/88.221.26.41 text/html
    1210707678.270 1367 192.168.0.246 TCP_MISS/200 20062 GET Live Search - DIRECT/88.221.26.41 text/html
    1210707761.277 682 192.168.0.246 TCP_MISS/302 563 GET Google - DIRECT/66.102.9.147 text/html
    1210707762.401 1123 192.168.0.246 TCP_MISS/200 6740 GET Google - DIRECT/66.102.9.104 text/html
    1210707763.453 1059 192.168.0.246 TCP_MISS/200 7919 GET http://www.google.com.pk/intl/en_com...logo_plain.png - DIRECT/66.102.9.147 image/png
    1210707764.045 593 192.168.0.246 TCP_MISS/200 6673 GET http://www.google.com.pk/images/nav_logo3.png - DIRECT/66.102.9.147 image/png

  6. #6
    Just Joined! megerdin's Avatar
    Join Date
    Jul 2007
    Location
    Sylhet,Bangladesh
    Posts
    78
    I added a firewall script for you.

    First download it.
    Replace the .txt extension with .sh in the file name.
    Open it and change 4 lines.

    You need to alter only lines 96, 97 and 149, 150 as per your requirement.

    This script allows all your HTTP traffic to your Squid box and lets it go out.
    It also makes your Linux PC an Internet gateway.

    No more access.

    If it works for you...
    later you can make more changes in it.

    Note: you can execute this script manually.
    Better is to have it executed at boot time.

    Don't try to understand everything now, just believe it.


    Let me know if anything is missing... any error in the Squid error log / syslog / ???

  7. #7
    Just Joined! megerdin's Avatar
    Join Date
    Jul 2007
    Location
    Sylhet,Bangladesh
    Posts
    78
    Oops!

    I didn't follow your squid.log.
    Make sure your ACL in squid.conf is correct.

  8. #8
    Just Joined!
    Join Date
    Mar 2008
    Posts
    70
    What do you mean that my ACL in squid.conf is correct?
    I just made a simple ACL and allowed some PCs, that's it... They are browsing the internet perfectly, but via the browser proxy... and I want to give browsing with browser proxy...

    I just made a fresh proxy and edited the squid.conf file:
    http_port 8080 transparent

    acl allowed src 192.168.0.123
    acl allowed src 192.168.0.141
    acl allowed src 192.168.0.158
    acl allowed src 192.168.0.157
    acl allowed src 192.168.0.202
    acl allowed src 192.168.0.110
    acl allowed src 192.168.0.245
    acl allowed src 192.168.0.246
    acl allowed src 192.168.0.252
    acl allowed src 192.168.0.250
    acl allowed src 192.168.0.254
    http_access allow allowed

    visible_hostname proxy

    /etc/rc.local
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
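
The settings quoted in this thread only work together when the REDIRECT target port equals the port Squid listens on in transparent mode (post #2 redirects to 3128, the asker's Squid listens on 8080). As an added example that is not part of any post, this shell check compares the two; the function names and temporary file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the port-80 REDIRECT rule points at the port
# Squid listens on in transparent mode. Function names are hypothetical.

# Print each port declared as "http_port [ip:]<port> ... transparent".
squid_transparent_ports() {
    awk '$1 == "http_port" {
             for (i = 3; i <= NF; i++)
                 if ($i == "transparent") { n = split($2, a, ":"); print a[n] }
         }' "$1"
}

# Print the --to-port of each "--dport 80 ... -j REDIRECT" rule in a file
# holding iptables command lines (for example /etc/rc.local).
redirect_ports() {
    awk '{
             dport = 0; redir = 0; to = ""
             for (i = 1; i < NF; i++) {
                 if ($i == "--dport" && $(i + 1) == "80") dport = 1
                 if ($i == "-j" && $(i + 1) == "REDIRECT") redir = 1
                 if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
             }
             if ($1 == "iptables" && dport && redir && to != "") print to
         }' "$1"
}

# Return 0 only if every redirect target is a transparent Squid port.
check_intercept() {
    ports=$(squid_transparent_ports "$1")
    targets=$(redirect_ports "$2")
    [ -n "$ports" ] || { echo "no transparent http_port in $1"; return 1; }
    [ -n "$targets" ] || { echo "no port-80 REDIRECT rule in $2"; return 1; }
    status=0
    for t in $targets; do
        if printf '%s\n' "$ports" | grep -qx "$t"; then
            echo "ok: redirect to $t reaches Squid"
        else
            echo "mismatch: redirect to $t, Squid listens on $ports"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: squid.conf line from post #8, rule as written in post #2.
tmp=$(mktemp -d)
printf '%s\n' 'http_port 8080 transparent' > "$tmp/squid.conf"
printf '%s\n' 'iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128' > "$tmp/rc.local"
check_intercept "$tmp/squid.conf" "$tmp/rc.local" || true   # reports the mismatch
```

On a live system, pass the real /etc/squid/squid.conf and /etc/rc.local as the two arguments.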

  9. #9
    Just Joined!
    Join Date
    Mar 2008
    Posts
    70
    Hey! Is anybody there to help me out?

    I also set echo 1 > /proc/sys/net/ipv4/ip_forward and added it to a boot script (/etc/rc.local), but I am still not achieving the target.

    I am also sending a log; maybe it will be helpful.

    /var/log/messages
    May 15 12:37:52 proxy last message repeated 3 times
    May 15 12:38:57 proxy avahi-daemon[2259]: New relevant interface eth1.IPv6 for mDNS.
    May 15 12:38:57 proxy avahi-daemon[2259]: Joining mDNS multicast group on interface eth1.IPv6 with address fe80::200:24ff:fec9:bd85.
    May 15 12:38:57 proxy avahi-daemon[2259]: Registering new address record for fe80::200:24ff:fec9:bd85 on eth1.
    May 15 12:38:59 proxy kernel: eth1: Setting full-duplex based on MII#1 link partner capability of 45e1.
    May 15 12:39:16 proxy gconfd (root-2662): starting (version 2.14.0), pid 2662 user 'root'
    May 15 12:39:16 proxy gconfd (root-2662): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
    May 15 12:39:16 proxy gconfd (root-2662): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
    May 15 12:39:16 proxy gconfd (root-2662): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
    May 15 12:39:20 proxy hcid[1936]: Default passkey agent (:1.6, /org/bluez/applet) registered
    May 15 12:39:20 proxy pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
    May 15 12:39:20 proxy last message repeated 4 times
    May 15 12:39:24 proxy gconfd (root-2662): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
    May 15 12:39:42 proxy avahi-daemon[2259]: New relevant interface eth1.IPv4 for mDNS.
    May 15 12:39:42 proxy avahi-daemon[2259]: Joining mDNS multicast group on interface eth1.IPv4 with address 192.168.0.252.
    May 15 12:39:42 proxy avahi-daemon[2259]: Registering new address record for 192.168.0.252 on eth1.
    May 15 12:39:46 proxy system-config-network[2779]: -+ //etc/modprobe.conf eth0 alias 3c59x
    May 15 12:39:46 proxy system-config-network[2779]: -+ //etc/modprobe.conf eth1 alias tulip
    May 15 12:39:46 proxy system-config-network[2779]: chmod 0644 //etc/sysconfig/networking/devices/ifcfg-eth0
    May 15 12:39:46 proxy system-config-network[2779]: chmod 0644 //etc/sysconfig/networking/devices/ifcfg-eth1
