Linux Forums - Linux Help,Advice & support community:LinuxSolved.com

Network Troublshooting => General Networking Support in Linux => Topic started by: segun1ng on December 01, 2003, 01:55:32 PM

Title: IP masq and squid proxy.
Post by: segun1ng on December 01, 2003, 01:55:32 PM
I need to know how to configure squid proxy and IP masq on my server, if I may say the necessary conf and steps to take in getting it solved. I will appreciate it.
Title: IP masq and squid proxy.
Post by: Ricky on December 02, 2003, 06:31:08 AM
I think you are asking for transparent proxy, but I am giving you both solutions: 1. only routing, 2. transparent proxy.
1. Only NAT or routing:
Code:
#!/bin/sh
iptables=/sbin/iptables

# Clear any existing NAT rules
$iptables --flush -t nat

# Masquerade traffic leaving through the Internet-facing interface (eth1)
$iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# Accept forwarded traffic arriving from the local network (eth0)
$iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Enable IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

In the above I am assuming that you have eth1 connected to the internet and eth0 to your local network. By running the above script on your computer you will be able to share the internet from it to other computers.

2. Now for transparent proxy...
Code:
# Transparent proxy: send web traffic from the local network (eth0) to the proxy port
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Now, in addition to the NAT script, if you use these lines on your computer you will be able to use transparent proxy. I am assuming that your proxy port is 3128.
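
Added example, not part of the original posts: a dry-run generator that prints a tightened variant of the two scripts above, with a default-drop FORWARD policy, return traffic limited to established connections, and the Squid port closed on the Internet-facing interface so the proxy is only reachable from the LAN. The function names and the extra rules are assumptions of this example; eth0, eth1 and 3128 are the values assumed in the post.

```shell
#!/bin/sh
# Added example: prints (does not run) a tightened NAT + transparent-proxy
# rule set. Function names and the extra rules are assumptions of this example.

# valid_if NAME: accept only plain interface names such as eth0 or ppp0.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# valid_port N: accept only integers from 1 to 65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules LAN_IF WAN_IF PROXY_PORT: print one command per line.
# Order: flush, default-drop forwarding, allow replies from the WAN,
# allow LAN-initiated traffic, masquerade, redirect port 80 to the proxy,
# then block the proxy port on the WAN side (REDIRECTed LAN traffic
# arrives on the LAN interface and is not affected).
build_rules() {
    lan=$1 wan=$2 port=$3
    valid_if "$lan" && valid_if "$wan" && valid_port "$port" || return 2
    [ "$lan" != "$wan" ] || return 2
    cat <<EOF
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $port
iptables -A INPUT -i $wan -p tcp --dport $port -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Review the printed commands first; pipe them to "sh" as root to apply.
# Re-running appends the INPUT rule again, since INPUT is not flushed.
build_rules eth0 eth1 3128
```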
Title: IP masq and squid proxy.
Post by: segun1ng on December 02, 2003, 07:36:24 AM
I need to know how I am going to run the following script and how to edit the transparent scripts.
Where do I go if I want to run this script? I need to know the steps to take.
Thanks
Title: IP masq and squid proxy.
Post by: Ricky on December 02, 2003, 12:43:10 PM
Just make a text file, say "rc.nat", and put all the above code in that file. Now save this file to your startup script directory, i.e. /etc/rc.d/

Also make that file executable by
Code:
chmod 755 <filename>

The last step is to open the /etc/rc.d/rc.local file and at the end of the file put the following
Code:
/etc/rc.d/rc.nat

It will make the script execute on bootup.
Title: How setup squid RedHat 9.0
Post by: williang on December 03, 2003, 10:57:22 PM
I have a problem with squid in Redhat 9.0. When I finished installing it and I type
service squid start, it does not work.

What is the problem?
Title: IP masq and squid proxy.
Post by: Ricky on December 04, 2003, 03:55:37 AM
I think you should ask this in the "linux server" forum.
First read the previous threads there about proxy. If you don't find the answer there then start a new thread. Also paste the last 8 lines of your cache.log
Title: ssl web, IRC, FTP can't
Post by: smaracatur on December 06, 2003, 08:14:41 AM
I just installed the newest squid STABLE5 on Linux RH 9.0 but I have a problem: I can't access an SSL web site or use IRC and FTP from my client. Is the problem from squid or from Linux? And what should I do? Thanks.
Title: IP masq and squid proxy.
Post by: Ricky on December 06, 2003, 09:06:20 AM
Well, regarding SSL, it seems that you have not configured your clients' browsers correctly.
Regarding FTP and IRC, have you configured your FTP to use the proxy?

Also try to use the squid.conf which I posted in a different thread.
Title: IP masq and squid proxy.
Post by: ashwin_ice on January 05, 2004, 05:31:02 AM
Dear Ricky,


I think the Transparent Proxy isn't working because I just cannot seem to get MS Outlook/Outlook Express to send and receive mails directly to and from "mail.xyz.com", which is our remotely hosted mail server. I've tried using the suggestion for the transparent proxy as you'd said by creating the rc.nat file in the etc/rc.d and adding the command in rc.local. It doesn't work.

I think configuring the Box as a Router seems more sensible as it would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER. How can I configure my RH 8.0 to act as a non NAT Router for the two interfaces allowing anyone to access it as a gateway. And the second NIC does not have a PUBLIC IP but has a Static IP on my ISP's network.

Please could you give me some links that would enable me to do this. I need my clients on network 192.168.0.x to be able to ping their gateway 10.10.100.x and use the DNS of the ISP. I guess this can be done through IPTABLES forwarding, right, but I maintain I cannot USE a NAT or Masquerading as my client IPs NEED TO remain STATIC.

I am currently doing this with an ADSL router configured the same way on another connection. This router works in the above way. I need to have my Linux router do the same because if this is done all my problems are solved. And security not being so much of a concern as of now but If a firewall can be implemented simultaneously without hampering the 110:POP3 and 25:SMTP Send and Receive

Thanks and Kind Regards

Ashwin  :)
Title: IP masq and squid proxy.
Post by: Ricky on January 05, 2004, 06:16:57 AM
Quote
think configuring the Box as a Router seems more sensible as it would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER. How can I configure my RH 8.0 to act as a non NAT Router for the two interfaces allowing anyone to access it as a gateway. And the second NIC does not have a PUBLIC IP but has a Static IP on my ISP's network.
Well, your requirement suggests using a firewall. Also, when you are using redirect for transparency then no one can access HTTP directly as it gets redirected to squid. For other ports you can include the following lines in your rc.nat. I have given an example for two ports only. You can use more.

Code:
iptables -A INPUT -p udp -i eth0 --dport 21 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 22 -j DROP

You have to enable IP forwarding.
Lastly make sure that you are able to access the internet from any of your clients without entering the proxy ports. If you are unable then your proxy is not transparent.
Also NAT works for a static IP network. Don't forget to add the DNS servers of your ISP on every client.
Title: Sorry I saw ur reply in this Thread Just now
Post by: ashwin_ice on January 06, 2004, 12:17:26 PM
:(  Um awfully sorry Ricky... I just saw your reply to my posting, which I hadn't realised that I'd pasted in someone else's thread. I was just retracing the solution you'd given me and I saw my post and your reply to the same just now  :( . This makes a lot of sense Ricky: configuring the ports I want directly routed to use the router, and HTTP browsers to use Squid. Thank you so much but I hope this is all that I have to do...

Firstly I need to flush all the earlier TRANSPARENT PROXY settings which I'd made with these commands you'd posted earlier in this thread:

iptables=/sbin/iptables

$iptables --flush -t nat

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward  


Then


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Then

iptables -A INPUT -p udp -i eth0 --dport 21 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 22 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 25 -j DROP
                               "
Now Ricky, why are we saying Drop? And I guess the forwarding has been done in the previous step, correct  :D ! Now, is this enough or do I need to configure more...
Title: IP masq and squid proxy.
Post by: Ricky on January 06, 2004, 02:22:52 PM
Quote
Now Ricky Why r we saying Drop and I guess the Forwarding has been done in the previous step Correct  ! Now like is this enough or Do I need to configure more...

You don't need to use Drop at all. I suggested it as you were saying to do.
Also I understood your earlier requirements wrongly, i.e. you said:
Quote
would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER.  
Well, saying router and NAT router is the same thing, but the table about redirecting has done everything already. If you need more, then instead of dropping you can redirect that to port 8080. Also you don't need more masquerading; only one line is required.