News : LinuxSolved.com Linux Help Community Forum..


Author Topic: ACL on Transparent proxy  (Read 11949 times)

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« on: June 17, 2005, 07:14:07 AM »
Hi all

I have installed a transparent proxy. It's working fine, but I am not able to block certain sites which I have in ACLs. Then I changed the settings in the browser, and now the ACLs are applied.

BUT users are removing the browser settings and are able to access restricted sites.

Please, can anyone tell me

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
ACL on Transparent proxy
« Reply #1 on: June 18, 2005, 03:04:11 PM »
I think you have done NAT as well as proxy, but no transparent proxy.

Which means requests are directly getting served by NAT.

Make sure you are redirecting all requests on the squid machine for port 80 to squid's port, mostly 3128.

See the tutorial again for that!

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« Reply #2 on: June 20, 2005, 08:58:12 AM »
As said in your tutorial, I have created a file called rc.nat in the rc.d directory and inserted three command lines in the order mentioned below.

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface eth0 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo 1 > /proc/sys/net/ipv4/ip_forward

Still users are able to access restricted sites. Please see the rc.nat file, whether it is correct, and suggest any changes. My eth0 is the public IP and eth1 is the private IP.

tks

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
ACL on Transparent proxy
« Reply #3 on: June 21, 2005, 04:48:57 AM »
OK, here I got the problem: you have made a mistake in port forwarding.

The lines you have to modify are..
Quote from: "ilias"
iptables --append FORWARD --in-interface eth0 -j ACCEPT

To...
Code:
iptables --append FORWARD --in-interface eth1 -j ACCEPT

And ....

Quote from: "ilias"
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

To...
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

NOTE that I have changed eth0 to eth1 for you. Please also make sure that your squid is accepting connections at port 3128, which means you have set the following in squid.conf, so that squid will serve requests at port 3128:
Code:
http_port 3128
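
The mistake corrected in Reply #3 (the port-80 REDIRECT matching on the public interface, so LAN traffic is NATed straight out and never reaches Squid's ACLs) can be caught with a small lint over the rule file. This is an added example, not part of the original thread; `lint_redirect` is a hypothetical helper and the two rule sets are constructed from the commands quoted above, with eth1 as the LAN interface and 3128 as the Squid port.

```shell
#!/bin/sh
# Added example (not from the thread): lint rc.nat-style rules for the
# interface mistake fixed in Reply #3. lint_redirect is a hypothetical helper.
#   $1 = rule text, $2 = LAN-side interface, $3 = Squid http_port
# Returns 0 only if a tcp/80 PREROUTING REDIRECT to $3 matches on $2;
# prints one finding per port-80 redirect that does not.
lint_redirect() {
    printf '%s\n' "$1" | awk -v lan="$2" -v port="$3" '
        /^[ \t]*#/ { next }                        # skip comment lines
        /PREROUTING/ && /REDIRECT/ {
            iface = ""; dport = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" || $i == "--in-interface") iface = $(i + 1)
                if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
                if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
            }
            if (dport != "80") next
            if (iface == lan && to == port) { good = 1; next }
            printf "line %d: port-80 redirect matches on %s -> %s; expected %s -> %s\n",
                   NR, (iface == "" ? "any interface" : iface), to, lan, port
        }
        END { exit (good ? 0 : 1) }
    '
}

# Constructed samples: the rules as first posted (eth0) and as corrected (eth1).
BROKEN_RULES='iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128'

FIXED_RULES='iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128'

if lint_redirect "$BROKEN_RULES" eth1 3128; then
    echo "as posted: LAN port-80 traffic is redirected to Squid"
else
    echo "as posted: LAN clients reach the web without passing Squid ACLs"
fi

if lint_redirect "$FIXED_RULES" eth1 3128; then
    echo "corrected: LAN port-80 traffic is redirected to Squid"
else
    echo "corrected: LAN clients reach the web without passing Squid ACLs"
fi
```

The same function can check the live ruleset by passing it the output of `iptables -t nat -S`, which prints rules in the same option syntax.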

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« Reply #4 on: June 21, 2005, 05:39:58 AM »
Thanks a lot Ricky, what about the first command line

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

and my squid listens on both ports 3128 and 80

tks
ilias

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
ACL on Transparent proxy
« Reply #5 on: June 22, 2005, 05:14:44 PM »
That first line is OK, and I think you shouldn't make squid listen on port 80 as well, as many times it can cause conflicts with other applications. You can use any other port like 6558, which I prefer as secondary!

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« Reply #6 on: June 23, 2005, 06:45:24 AM »
ok, tks ricky

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL & Transparent proxy
« Reply #7 on: June 28, 2005, 03:06:40 AM »
After successfully installing the transparent proxy as said above, everything is fine except a glitch: I am not able to browse FTP sites. It asks for the user name and password. It keeps searching the directory listings.

"Getting contents of the folder" is displayed in the status bar. Please, can anyone help me?

tks in advance

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
ACL on Transparent proxy
« Reply #8 on: June 29, 2005, 06:22:28 AM »
Basically that happens due to a slow internet uplink!
What do you say?

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« Reply #9 on: July 01, 2005, 09:37:17 AM »
I have installed the transparent proxy especially for accessing FTP sites, but even after that it showed the above error. There is nothing wrong in the proxy settings.

I have changed the browser settings for passive mode, and it worked.

tks for one and all

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
ACL on Transparent proxy
« Reply #10 on: July 08, 2005, 09:00:45 AM »
I have configured the browser to listen in passive mode.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
ACL on Transparent proxy
« Reply #11 on: July 09, 2005, 04:32:03 PM »
I am happy to hear that ..
:)

Offline manojkumar.np

  • New Member
  • Posts: 1
Thanks...
« Reply #12 on: May 26, 2006, 07:12:54 AM »
Dear ..

Really, I thank you both. I had been struggling with this transparent configuration before this forum. Now I got a solution and it is working fine. Once again, thanks to both.

Manojkumar.N.P.