01-26-2010 #1
Squid will not act in transparent mode, ...HELP !!
Hello my friends,
I have been trying for a few days to get my SQUID 2.7 to work in transparent mode, without any results.
The scenario is: eth0 192.168.179.1 ==> connected to the Internet by a router
The server is still connected to the Internet, all functions are available on localhost.
eth1 192.168.178.1 ==> from PROXY to CLIENT.
Squid works with http_port 3128 transparent configured, and if I type in the proxy server information like 192.168.178.1:80 on the client and try browsing, I still receive my request. The same result is when I type 192.168.178.1:3128 into the browser's config.
==> If I clear the proxy config in the browser and try browsing, nothing happens, ... nothing is received.
First I tried it with squid3, but I had the same results as with version 2.7, which I'm trying now.
I have to say that since version 2.7 of SQUID, the attribute "httpd_accel" in the config file will not work anymore. Only the attribute http_port 3128 transparent is commonly used now.
IPv4 forwarding is activated!
Code:
    cat /etc/sysctl.conf
    #
    # /etc/sysctl.conf - Configuration file for setting system variables
    # See /etc/sysctl.d/ for additional system variables.
    # See sysctl.conf (5) for information.
    #
    #kernel.domainname = example.com
    # Uncomment the following to stop low-level messages on console
    #kernel.printk = 4 4 1 7
    ##############################################################3
    # Functions previously found in netbase
    #
    # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
    # Turn on Source Address Verification in all interfaces to
    # prevent some spoofing attacks
    #net.ipv4.conf.default.rp_filter=1
    #net.ipv4.conf.all.rp_filter=1
    # Uncomment the next line to enable TCP/IP SYN cookies
    # This disables TCP Window Scaling
    # and is not recommended.
    #net.ipv4.tcp_syncookies=1
    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1
    # Uncomment the next line to enable packet forwarding for IPv6
    #net.ipv6.conf.all.forwarding=1
    ###################################################################
    # Additional settings - these settings can improve the network
    # security of the host and prevent against some network attacks
    # including spoofing attacks and man in the middle attacks through
    # redirection. Some network environments, however, require that these
    # settings are disabled so review and enable them as needed.
    #
    # Ignore ICMP broadcasts
    #net.ipv4.icmp_echo_ignore_broadcasts = 1
    #
    # Ignore bogus ICMP errors
    #net.ipv4.icmp_ignore_bogus_error_responses = 1
    #
    # Do not accept ICMP redirects (prevent MITM attacks)
    #net.ipv4.conf.all.accept_redirects = 0
    #net.ipv6.conf.all.accept_redirects = 0
    # _or_
    # Accept ICMP redirects only for gateways listed in our default
    # gateway list (enabled by default)
    # net.ipv4.conf.all.secure_redirects = 1
    #
    # Do not send ICMP redirects (we are not a router)
    #net.ipv4.conf.all.send_redirects = 0
    #
    # Do not accept IP source route packets (we are not a router)
    #net.ipv4.conf.all.accept_source_route = 0
    #net.ipv6.conf.all.accept_source_route = 0
    #
    # Log Martian Packets
    #net.ipv4.conf.all.log_martians = 1
    #
    # The contents of /proc/<pid>/maps and smaps files are only visible to
    # readers that are allowed to ptrace() the process
    # kernel.maps_protect = 1
My Squid config file!
Code:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl localnet src 192.168.178.0/24
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow Safe_ports
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    always_direct allow all
    http_reply_access allow localnet
    http_reply_access deny all
    icp_access allow localnet
    icp_access deny all
    #http_port 127.0.0.1:3128
    http_port 3128 transparent
    hierarchy_stoplist cgi-bin ?
    cache_mem 256 MB
    cache_dir ufs /var/spool/squid 2048 16 256
    #cache_effective_user squid
    #cache_effective_group squid
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    visible_hostname serverhtc
    icp_port 3130
    #forwarded_for on
    coredump_dir /var/spool/squid
In transparent mode, with the proxy typed in at the client (192.168.178.1:80 [not 192.168.178.1:3128]), a "tcpdump -vvv -i eth1 port 80" on the server said this whenever I try a GET from the CLIENT:
Code:
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    12:21:25.252298 IP (tos 0x0, ttl 128, id 839, offset 0, flags [DF], proto TCP (6), length 48)
        hiddenone.1083 > serverhtc.www: Flags [S], cksum 0xc456 (correct), seq 2583575466, win 65535, options [mss 1260,nop,nop,sackOK], length 0
    12:21:25.252368 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
        serverhtc.www > hiddenone.1083: Flags [S.], cksum 0x6b3a (correct), seq 4087631310, ack 2583575467, win 5840, options [mss 1460,nop,nop,sackOK], length 0
    12:21:25.252537 IP (tos 0x0, ttl 128, id 841, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1083 > serverhtc.www: Flags [.], cksum 0xaece (correct), seq 1, ack 1, win 65535, length 0
    12:21:25.253036 IP (tos 0x0, ttl 128, id 842, offset 0, flags [DF], proto TCP (6), length 591)
        hiddenone.1083 > serverhtc.www: Flags [P.], seq 1:552, ack 1, win 65535, length 551
    12:21:25.253065 IP (tos 0x0, ttl 64, id 32008, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1083: Flags [.], cksum 0x92d3 (correct), seq 1, ack 552, win 6612, length 0
    12:21:25.341674 IP (tos 0x0, ttl 64, id 32009, offset 0, flags [DF], proto TCP (6), length 435)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 1:396, ack 552, win 6612, length 395
    12:21:25.341700 IP (tos 0x0, ttl 64, id 32010, offset 0, flags [DF], proto TCP (6), length 1210)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 396:1566, ack 552, win 6612, length 1170
    12:21:25.342749 IP (tos 0x0, ttl 128, id 844, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1083 > serverhtc.www: Flags [.], cksum 0xa68a (correct), seq 552, ack 1566, win 65535, length 0
    12:21:25.343888 IP (tos 0x0, ttl 64, id 32011, offset 0, flags [DF], proto TCP (6), length 1300)
        serverhtc.www > hiddenone.1083: Flags [.], seq 1566:2826, ack 552, win 6612, length 1260
    12:21:25.343899 IP (tos 0x0, ttl 64, id 32012, offset 0, flags [DF], proto TCP (6), length 198)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 2826:2984, ack 552, win 6612, length 158
    12:21:25.344499 IP (tos 0x0, ttl 128, id 845, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1083 > serverhtc.www: Flags [.], cksum 0xa100 (correct), seq 552, ack 2984, win 65535, length 0
    12:21:25.346284 IP (tos 0x0, ttl 64, id 32013, offset 0, flags [DF], proto TCP (6), length 1300)
        serverhtc.www > hiddenone.1083: Flags [.], seq 2984:4244, ack 552, win 6612, length 1260
    12:21:25.346295 IP (tos 0x0, ttl 64, id 32014, offset 0, flags [DF], proto TCP (6), length 288)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 4244:4492, ack 552, win 6612, length 248
    12:21:25.346997 IP (tos 0x0, ttl 128, id 846, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1083 > serverhtc.www: Flags [.], cksum 0x9b1c (correct), seq 552, ack 4492, win 65535, length 0
    12:21:25.354973 IP (tos 0x0, ttl 64, id 32015, offset 0, flags [DF], proto TCP (6), length 485)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 4492:4937, ack 552, win 6612, length 445
    12:21:25.364235 IP (tos 0x0, ttl 128, id 848, offset 0, flags [DF], proto TCP (6), length 703)
        hiddenone.1083 > serverhtc.www: Flags [P.], seq 552:1215, ack 4937, win 65090, length 663
    12:21:25.364260 IP (tos 0x0, ttl 64, id 32016, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1083: Flags [.], cksum 0x77b4 (correct), seq 4937, ack 1215, win 7956, length 0
    12:21:25.367987 IP (tos 0x0, ttl 128, id 850, offset 0, flags [DF], proto TCP (6), length 48)
        hiddenone.1084 > serverhtc.www: Flags [S], cksum 0x38da (correct), seq 3342572008, win 65535, options [mss 1260,nop,nop,sackOK], length 0
    12:21:25.368022 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
        serverhtc.www > hiddenone.1084: Flags [S.], cksum 0x5f14 (correct), seq 4095200772, ack 3342572009, win 5840, options [mss 1460,nop,nop,sackOK], length 0
    12:21:25.368232 IP (tos 0x0, ttl 128, id 852, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1084 > serverhtc.www: Flags [.], cksum 0xa2a8 (correct), seq 1, ack 1, win 65535, length 0
    12:21:25.375482 IP (tos 0x0, ttl 128, id 853, offset 0, flags [DF], proto TCP (6), length 48)
        hiddenone.1085 > serverhtc.www: Flags [S], cksum 0x40a8 (correct), seq 832382904, win 65535, options [mss 1260,nop,nop,sackOK], length 0
    12:21:25.375509 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
        serverhtc.www > hiddenone.1085: Flags [S.], cksum 0xc87d (correct), seq 4093734015, ack 832382905, win 5840, options [mss 1460,nop,nop,sackOK], length 0
    12:21:25.375734 IP (tos 0x0, ttl 128, id 855, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1085 > serverhtc.www: Flags [.], cksum 0x0c12 (correct), seq 1, ack 1, win 65535, length 0
    12:21:25.379730 IP (tos 0x0, ttl 128, id 856, offset 0, flags [DF], proto TCP (6), length 48)
        hiddenone.1086 > serverhtc.www: Flags [S], cksum 0xad91 (correct), seq 2240767707, win 65535, options [mss 1260,nop,nop,sackOK], length 0
    12:21:25.379755 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
        serverhtc.www > hiddenone.1086: Flags [S.], cksum 0x6e33 (correct), seq 4090180585, ack 2240767708, win 5840, options [mss 1460,nop,nop,sackOK], length 0
    12:21:25.379981 IP (tos 0x0, ttl 128, id 858, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1086 > serverhtc.www: Flags [.], cksum 0xb1c7 (correct), seq 1, ack 1, win 65535, length 0
    12:21:25.380479 IP (tos 0x0, ttl 128, id 859, offset 0, flags [DF], proto TCP (6), length 707)
        hiddenone.1084 > serverhtc.www: Flags [P.], seq 1:668, ack 1, win 65535, length 667
    12:21:25.380507 IP (tos 0x0, ttl 64, id 65239, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1084: Flags [.], cksum 0x85ff (correct), seq 1, ack 668, win 6670, length 0
    12:21:25.382229 IP (tos 0x0, ttl 128, id 861, offset 0, flags [DF], proto TCP (6), length 707)
        hiddenone.1085 > serverhtc.www: Flags [P.], seq 1:668, ack 1, win 65535, length 667
    12:21:25.382252 IP (tos 0x0, ttl 64, id 23635, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1085: Flags [.], cksum 0xef68 (correct), seq 1, ack 668, win 6670, length 0
    12:21:25.382468 IP (tos 0x0, ttl 128, id 863, offset 0, flags [DF], proto TCP (6), length 708)
        hiddenone.1086 > serverhtc.www: Flags [P.], seq 1:669, ack 1, win 65535, length 668
    12:21:25.382491 IP (tos 0x0, ttl 64, id 830, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1086: Flags [.], cksum 0x9513 (correct), seq 1, ack 669, win 6680, length 0
    12:21:25.389066 IP (tos 0x0, ttl 64, id 32017, offset 0, flags [DF], proto TCP (6), length 469)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 4937:5366, ack 1215, win 7956, length 429
    12:21:25.404217 IP (tos 0x0, ttl 128, id 865, offset 0, flags [DF], proto TCP (6), length 712)
        hiddenone.1083 > serverhtc.www: Flags [P.], seq 1215:1887, ack 5366, win 64661, length 672
    12:21:25.423442 IP (tos 0x0, ttl 64, id 65240, offset 0, flags [DF], proto TCP (6), length 469)
        serverhtc.www > hiddenone.1084: Flags [P.], seq 1:430, ack 668, win 6670, length 429
    12:21:25.434290 IP (tos 0x0, ttl 64, id 23636, offset 0, flags [DF], proto TCP (6), length 469)
        serverhtc.www > hiddenone.1085: Flags [P.], seq 1:430, ack 668, win 6670, length 429
    12:21:25.437325 IP (tos 0x0, ttl 64, id 32018, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1083: Flags [.], cksum 0x6dbb (correct), seq 5366, ack 1887, win 9408, length 0
    12:21:25.447312 IP (tos 0x0, ttl 64, id 831, offset 0, flags [DF], proto TCP (6), length 472)
        serverhtc.www > hiddenone.1086: Flags [P.], seq 1:433, ack 669, win 6680, length 432
    12:21:25.456191 IP (tos 0x0, ttl 64, id 32019, offset 0, flags [DF], proto TCP (6), length 469)
        serverhtc.www > hiddenone.1083: Flags [P.], seq 5366:5795, ack 1887, win 9408, length 429
    12:21:25.559638 IP (tos 0x0, ttl 128, id 867, offset 0, flags [DF], proto TCP (6), length 706)
        hiddenone.1084 > serverhtc.www: Flags [P.], seq 668:1334, ack 430, win 65106, length 666
    12:21:25.559665 IP (tos 0x0, ttl 64, id 65241, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1084: Flags [.], cksum 0x7c82 (correct), seq 430, ack 1334, win 8004, length 0
    12:21:25.568133 IP (tos 0x0, ttl 128, id 869, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1085 > serverhtc.www: Flags [.], cksum 0x0977 (correct), seq 668, ack 430, win 65106, length 0
    12:21:25.568151 IP (tos 0x0, ttl 128, id 870, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1086 > serverhtc.www: Flags [.], cksum 0xaf2b (correct), seq 669, ack 433, win 65103, length 0
    12:21:25.568160 IP (tos 0x0, ttl 128, id 871, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1083 > serverhtc.www: Flags [.], cksum 0x90ce (correct), seq 1887, ack 5795, win 65535, length 0
    12:21:25.585836 IP (tos 0x0, ttl 64, id 65242, offset 0, flags [DF], proto TCP (6), length 469)
        serverhtc.www > hiddenone.1084: Flags [P.], seq 430:859, ack 1334, win 8004, length 429
    12:21:25.614859 IP (tos 0x0, ttl 128, id 872, offset 0, flags [DF], proto TCP (6), length 627)
        hiddenone.1085 > serverhtc.www: Flags [P.], seq 668:1255, ack 430, win 65106, length 587
    12:21:25.614883 IP (tos 0x0, ttl 64, id 23637, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1085: Flags [.], cksum 0xe63a (correct), seq 430, ack 1255, win 8004, length 0
    12:21:25.680291 IP (tos 0x0, ttl 64, id 23638, offset 0, flags [DF], proto TCP (6), length 356)
        serverhtc.www > hiddenone.1085: Flags [P.], seq 430:746, ack 1255, win 8004, length 316
    12:21:25.702063 IP (tos 0x0, ttl 128, id 874, offset 0, flags [DF], proto TCP (6), length 764)
        hiddenone.1086 > serverhtc.www: Flags [P.], seq 669:1393, ack 433, win 65103, length 724
    12:21:25.702085 IP (tos 0x0, ttl 64, id 832, offset 0, flags [DF], proto TCP (6), length 40)
        serverhtc.www > hiddenone.1086: Flags [.], cksum 0x8b8b (correct), seq 433, ack 1393, win 7964, length 0
    12:21:25.762030 IP (tos 0x0, ttl 64, id 833, offset 0, flags [DF], proto TCP (6), length 447)
        serverhtc.www > hiddenone.1086: Flags [P.], seq 433:840, ack 1393, win 7964, length 407
    12:21:25.768279 IP (tos 0x0, ttl 128, id 876, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1084 > serverhtc.www: Flags [.], cksum 0x9d73 (correct), seq 1334, ack 859, win 64677, length 0
    12:21:25.868479 IP (tos 0x0, ttl 128, id 877, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1085 > serverhtc.www: Flags [.], cksum 0x072c (correct), seq 1255, ack 746, win 64790, length 0
    12:21:25.868498 IP (tos 0x0, ttl 128, id 878, offset 0, flags [DF], proto TCP (6), length 40)
        hiddenone.1086 > serverhtc.www: Flags [.], cksum 0xac57 (correct), seq 1393, ack 840, win 64696, length 0
OK, my query was received by the SQUID!
A "tail -f /var/log/squid/access.log" said the following.
NOTE: the xx are from me while editing this thread, I'm not able to post URLs here!
Code:
    1264505075.898 46 192.168.178.10 TCP_MISS/200 4951 GET url=xxhtxxtp://wxxww.google.dexx - DIRECT/74.125.39.106 text/html
    1264505075.939 24 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 429 GET xxhtxxtp://wxxww.google.de/images/toolbar_sm.pngxx - DIRECT/74.125.39.106 -
    1264505075.951 34 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 430 GET xxhtxxtp://wxxww.google.de/images/close_sm.gifxx - DIRECT/74.125.39.99 -
    1264505075.962 43 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 429 GET xxhtxxtp://wxxww.google.de/images/dl_btn_left.gifxx - DIRECT/74.125.39.105 -
    1264505075.970 44 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 432 GET xxhtxxtp://wxxww.google.de/images/dl_btn_right.gifxx - DIRECT/74.125.39.104 -
    1264505075.981 40 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 430 GET xxhtxxtp://wxxww.google.de/intl/de_de/images/logo.gifxx - DIRECT/74.125.39.106 -
    1264505076.076 28 192.168.178.10 TCP_CLIENT_REFRESH_MISS/304 429 GET xxhtxxtp://wxxww.google.de/images/nav_logo7.pngxx - DIRECT/74.125.39.106 -
    1264505076.205 0 192.168.178.10 TCP_NEGATIVE_HIT/204 325 GET xxhtxxtp://clients1.google.de/generate_204xx - NONE/- text/html
    1264505076.264 55 192.168.178.10 TCP_MISS/204 407 GET xxhtxxtp://wxxww.google.de/csi?xx - DIRECT/74.125.39.106 text/html
OK, now I am trying it without any proxy configuration on the client, and nothing happens.
A "tcpdump -vvv -i eth1 port 80" said nothing!
But a "tcpdump -vvv -i eth1 | grep port" said this when I try a request from the client again:
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
serverhtc > hiddenone: ICMP serverhtc udp port domain unreachable, length 67
serverhtc > hiddenone: ICMP serverhtc udp port domain unreachable, length 67
Do I really need ICMP to let SQUID act in TRANSPARENT mode? Is that the fault? I've googled and found nothing about UDP, only PREROUTE ==> REDIRECT / DNAT of TCP, but nothing about UDP!! ??
SQUID is still listening:
A "sockstat" said:
Code:
    lsof | grep LISTEN
    sshd 1228 root 3u IPv4 5047 0t0 TCP *:ssh (LISTEN)
    sshd 1228 root 4u IPv6 5049 0t0 TCP *:ssh (LISTEN)
    mysqld 1442 mysql 10u IPv4 5571 0t0 TCP localhost:mysql (LISTEN)
    cupsd 1576 root 5u IPv6 31261 0t0 TCP localhost:ipp (LISTEN)
    cupsd 1576 root 6u IPv4 31262 0t0 TCP localhost:ipp (LISTEN)
    apache2 1711 root 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1711 root 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    apache2 1779 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1779 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    apache2 1780 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1780 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    apache2 1781 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1781 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    apache2 1782 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1782 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    apache2 1783 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1783 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    miniserv. 1824 root 5u IPv4 6475 0t0 TCP *:webmin (LISTEN)
    apache2 1938 www-data 3u IPv4 6238 0t0 TCP *:www (LISTEN)
    apache2 1938 www-data 4u IPv4 6240 0t0 TCP *:https (LISTEN)
    squid 10517 proxy 13u IPv4 35838 0t0 TCP *:3128 (LISTEN)
Code:
    sockstat | grep squid
    proxy squid 10517 udp4 *:54738 *:* CLOSED
    root squid 10517 tcp4 *:3128 *:* LISTEN
    root squid 10517 udp4 *:3130 *:* CLOSED
nmap 192.168.178.1
Code:
    Starting Nmap 5.00 ( Nmap - Free Security Scanner For Network Exploration & Security Audits.) at 2010-01-26 13:39 CET
    Interesting ports on serverhtc (192.168.178.1):
    Not shown: 995 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    443/tcp   open  https
    3128/tcp  open  squid-http
    10000/tcp open  snet-sensor-mgmt
    Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
IPTABLES with following rules!!
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.179.1:3128
and the Redirect
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
My IPTABLES iptables.up.rules
Code:
    # Generated by iptables-save v1.4.4 on Mon Jan 25 15:38:09 2010
    *mangle ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]]
    :INPUT ACCEPT [0:0]ections to Squid proxy
    :FORWARD ACCEPT [0:0]-m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128
    :OUTPUT ACCEPT [0:0]est 192.168.178.1:3128
    :POSTROUTING ACCEPT [0:0]cp -i eth0 --dport 80 -j DNAT --to-destination 192.168.178.1:3128
    COMMIT
    # Completed on Mon Jan 25 15:38:09 2010
    # Generated by iptables-save v1.4.4 on Mon Jan 25 15:38:09 2010
    *natter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Mon Jan 25 15:38:09 2010
Shorewall isn't installed, only the standard Linux firewall with these 2 rules!!
My routing table:
But locally the Internet connection is available!
Code:
    route -n
    Kernel-IP-Routentabelle
    Ziel            Router          Genmask         Flags Metric Ref    Use Iface
    192.168.178.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.179.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         192.168.179.254 0.0.0.0         UG    100    0        0 eth0
lsmod
Code:
    lsmod
    Module                  Size  Used by
    ppdev                   8232  0
    ipt_REDIRECT            2016  3
    xt_tcpudp               3616  5
    iptable_nat             6656  1
    nf_nat                 22164  2 ipt_REDIRECT,iptable_nat
    nf_conntrack_ipv4      16376  3 iptable_nat,nf_nat
    nf_conntrack           80832  3 iptable_nat,nf_nat,nf_conntrack_ipv4
    nf_defrag_ipv4          2400  1 nf_conntrack_ipv4
    iptable_mangle          4192  0
    amd64_edac_mod         26688  0
    i2c_nforce2             8168  0
    serio_raw               6596  0
    iptable_filter          3872  0
    ip_tables              21200  3 iptable_nat,iptable_mangle,iptable_filter
    edac_core              48876  3 amd64_edac_mod
    dm_crypt               14888  0
    lp                     11908  0
    parport                40528  2 ppdev,lp
    x_tables               25832  4 ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
    usbhid                 43968  0
    e1000                 133252  0
    tg3                   123748  0
Help Help Help
Please give helpful and constructive feedback
With best regards,
Dave
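
Added example (not part of the original post): a shell check that reads an iptables-save dump and reports whether TCP port 80 arriving on the client-facing interface is sent to the Squid port, and whether forwarded traffic leaving the Internet-facing interface is source-NATed. Interception only covers HTTP, so a client without proxy settings still resolves names itself, which is where the "udp port domain unreachable" replies in the post come from. The interface roles (eth1 clients, eth0 Internet) and port 3128 are taken from the post; check_intercept and both sample dumps are constructed, and the NAT check assumes the upstream router has no route back to 192.168.178.0/24.

```shell
#!/bin/sh
# Added example, not from the post. Taken from the post: eth1 faces the
# clients, eth0 faces the Internet, Squid listens on TCP 3128.
# check_intercept and both sample dumps are constructed for illustration.
# Usage: iptables-save | check_intercept LAN_IF WAN_IF SQUID_PORT
check_intercept() {
    awk -v lan="$1" -v wan="$2" -v port="$3" '
    /^\*/ { table = substr($0, 2); next }     # table header: *nat, *mangle
    table != "nat" || $1 != "-A" { next }     # only rules of the nat table
    {
        chain = $2
        inif = ""; outif = ""; proto = ""; dport = ""; target = ""; to = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-i")      inif   = $(i + 1)
            else if ($i == "-o")      outif  = $(i + 1)
            else if ($i == "-p")      proto  = $(i + 1)
            else if ($i == "--dport") dport  = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
            else if ($i ~ /^--to/)    to     = $(i + 1)
        }
        # REDIRECT --to-ports 3128, or DNAT to <addr>:3128
        to_squid = (target == "REDIRECT" && to == port) ||
                   (target == "DNAT" && to ~ (":" port "$"))
        if (chain == "PREROUTING" && proto == "tcp" && dport == "80" && to_squid) {
            if (inif == lan || inif == "") on_lan = 1
            else elsewhere = elsewhere " " inif
        }
        if (chain == "POSTROUTING" && outif == wan &&
            (target == "MASQUERADE" || target == "SNAT")) snat = 1
    }
    END {
        a = on_lan ? "OK" : "MISSING"
        b = snat ? "OK" : "MISSING"
        print a ": tcp/80 arriving on " lan " goes to port " port
        if (elsewhere != "") print "NOTE: interception rule bound to other interface:" elsewhere
        print b ": source NAT on " wan " for forwarded traffic (e.g. client DNS)"
    }'
}

# Constructed dump: interception bound to the Internet-facing interface only.
sample_wan_side() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

# Constructed dump: interception on eth1 plus masquerading on eth0.
sample_lan_side() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.178.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_wan_side | check_intercept eth1 eth0 3128
sample_lan_side | check_intercept eth1 eth0 3128
```

On a live gateway the same function reads the running ruleset: iptables-save | check_intercept eth1 eth0 3128.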

