March 29, 2024, 08:42:27 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Transparent PROXY NOT working on Fedora  (Read 7317 times)

Offline mchenhl

  • Linux Noob !
  • *
  • Posts: 4
Transparent PROXY NOT working on Fedora
« on: April 04, 2004, 09:45:37 AM »
Hi everyone.

I am Penguin newbie. I just installed Fedora Core 1 and Squid 2.5 Stable5. IE works when I setup the browser to port 3128 directly only.

My problem is to get the transparent proxy working. checked the log doesnt shows any activity.

The linux box isn't the gateway. is that the problem? the gateway is the cisco PIX firewall.
The linux box is sitting on a Windows domain.

do i need to recompile the kernel to setup netfilter. how do i check? i am not sure as i have no knowledge in compiling the kernel.

The linux box is just sitting to cache web pages.

Tried iptables to redirect port 80 to 3128 doesnt work, the transparent proxy not working. ipforward is set to 1.

what should I do? Browsed all the help on the net. Tried everything.

PLEASE Help.

Penguin

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Transparent PROXY NOT working on Fedora
« Reply #1 on: April 04, 2004, 11:20:12 AM »
Well.. if you have seen my tutorial Squid transparent proxy configuration  then you should have noticed that your NAT should be working fine apart of working simple squid proxy. Also ya it requires your Linux Box to be gateway. You can make this..
Code: [Select]
PIX firwall --> Linux Box --> Clients It doesn't matter that is it in windows domain or not. :)

Offline mchenhl

  • Linux Noob !
  • *
  • Posts: 4
Transparent PROXY NOT working on Fedora
« Reply #2 on: April 05, 2004, 12:26:25 AM »
Hi there,

Thanks for quick response. Well, the thing is I dont want all the clients pointing the linux box as a gateway. Your solution meaning it requires 2 network adapter to be a gateway, i just want to make sure.

The network here has a VPN tunnel. It will make life more difficult  from the otherside tunneling back to the network here as NAT and I dont want to reconfigure the PIX again.

Won't there be another way to configure it as transparent caching server sitting as a member of the domain?

Thanks again.

Regards,
Penguin

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Transparent PROXY NOT working on Fedora
« Reply #3 on: April 05, 2004, 12:56:40 PM »
Ok you don't want NAT. then you can use simple proxy to take the benefit of caching..
Tell me if you have diff requirement

Offline mchenhl

  • Linux Noob !
  • *
  • Posts: 4
Transparent PROXY NOT working on Fedora
« Reply #4 on: April 06, 2004, 12:27:40 AM »
Hi Ricky,

Beside simple proxying configuring the browser to point to squid port, what else can I do to have transparent proxy?

Well, what i want is to have central admin, where all the users have no way bypass the proxy and not to reconfigure all the client's browser.

My concern is what if the proxy server goes down, then need to reconfigure all the browser again.

that the beauty of transparent proxy I learned.

And again, thanks for advice.

Regards,
Penguin

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Transparent PROXY NOT working on Fedora
« Reply #5 on: April 06, 2004, 07:14:56 AM »
You can use two way NAT to do your VPN stuff.. ie .. also masqurading then request get out from your network..

Offline mchenhl

  • Linux Noob !
  • *
  • Posts: 4
Transparent PROXY NOT working on Fedora
« Reply #6 on: April 06, 2004, 09:31:57 AM »
Hi ricky,

can you explain more detail? You meaning is use the squid as gateway and do both NAT on PIX and squid?

I'm a bit stupid in Linux...iptables and many more..

Penguin

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Transparent PROXY NOT working on Fedora
« Reply #7 on: April 08, 2004, 03:52:57 PM »
That is nothing very special. but simply u can do two way masqurading.. ie.. masqurade ur internal network also external.
.I have not done such thing but just have seen somewhere about that thought.. it is for VPN purposes..
 amm.. i think you should try smoothwall that is better to fit u!!