October 30, 2014, 02:27:04 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: IP masq and squid proxy.  (Read 4980 times)

Offline segun1ng

  • Linux Noob !
  • *
  • Posts: 25
IP masq and squid proxy.
« on: December 01, 2003, 01:55:32 PM »
I need to know how to configure squid proxy and IP masq on my server, if I may say the necessery conf and steps to take in getting it solved. I will appreciate it.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #1 on: December 02, 2003, 06:31:08 AM »
I think you are asking for transparent proxy:: but i m giving you both solution 1. only routing.. 2. transparent proxy..
1. Only Nat or routing::
Code: [Select]
#!/bin/sh
iptables=/sbin/iptables



$iptables --flush -t nat


iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
In above i m assuming that you have eth1 connected to internet and eth0  your local network.. By running the above script on your computert u will able to share the internet from it to other computers.

2. Now for transparent proxy...
Code: [Select]
#Transparent proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Now in addition to script of NAT if you use these lines on your computer u wil be able to use transparent proxy . i am assuming that your proxy port is 3128.

Offline segun1ng

  • Linux Noob !
  • *
  • Posts: 25
IP masq and squid proxy.
« Reply #2 on: December 02, 2003, 07:36:24 AM »
I need to know how am going to run the follow script and how to edit the transparent scripts.
were do I go to if i want to run this script. I need to know the steps to take .
Thanks

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #3 on: December 02, 2003, 12:43:10 PM »
just make a text file say !!  "rc.nat" and put all the above code in that file now... save this file to your startup script directory i.e. /etc/rc.d/

Also make that file execuatble by
Code: [Select]
chmod 755 <filename>
the last step is to open the /etc/rc.d/rc.local file and in the end of file put the following  
Code: [Select]
/etc/rc.d/rc.nat It will make the script to be execute on bootup..

Offline williang

  • New Member
  • Posts: 1
How setup squid RedHat 9.0
« Reply #4 on: December 03, 2003, 10:57:22 PM »
I have a problem with the squid in Redhat 9.0, Whwn I finished to install it and I type
service  squid start , it's not work

Which the problem is ?

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #5 on: December 04, 2003, 03:55:37 AM »
I think you should ask this in "linux server" forum..  
First read there previous threads about proxy.. if you don't find there answer than start a new thread.. also paste last 8 lines of your cache.log

Offline smaracatur

  • New Member
  • Posts: 1
ssl web, IRC, FTP can't
« Reply #6 on: December 06, 2003, 08:14:41 AM »
i just installed the newest squid STABLE5 on Linux RH 9.0 but i ve a problem why i can't accessing a ssl web site and use IRC and FTP from my client. is the problem from the squid or the Linunx? and what should  i do? thx.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #7 on: December 06, 2003, 09:06:20 AM »
Well regarding ssl .. it seems that you have not configured your clients browsers correctly..  
Regarding FTP and IRc.. have you configured your ftp to use proxy ??

Also try to use the squid.conf which is posted by me in a different thread..

Offline ashwin_ice

  • Linux Noob !
  • *
  • Posts: 10
IP masq and squid proxy.
« Reply #8 on: January 05, 2004, 05:31:02 AM »
Dear Ricky,


                  I think the the Transparent Proxy isn't working because I just cannot seem to get MS Outlook/Outlook express to send and receive mails directly to and from "mail.xyz.com" which is Our remotely hoste mail server. I've tried using the suggestion for the transparent proxy as you'd said be creating the rc.nat file in the etc/rc.d and adding the command in rc.local. It doesn't work.

I think configuring the Box as a Router seems more sensible as it would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER. How can I configure my RH 8.0 to act as a non NAT Router for the two interfaces allowing anyone to access it as a gateway. And the second NIC does not have a PUBLIC IP but has a Static IP on my ISP's network.

PLease could you give me some links that would enable me to do this. I need my clients on network 192.168.0.x to abe able to ping to their gateway 10.10.100.x and use the DNS of the ISP. I guess this can be done through IPTABLES forwarding right but I maintain I cannot USE a NAT or Masquerading as my client IP's NEED TO remain STATIC.

 I am currently doing this with a ADSL router configured the same way on another connecton. This router works in the above way. I need to have My Linux router do the same beacause of this is done all my problems are solved. And security not being so much of a concern as of now but If a firewall can be implemented simultaneously without hampering the 110:POP3 and 25:SMTP Send and Receive

Thanks and Kind Regards

Ashwin  :)

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #9 on: January 05, 2004, 06:16:57 AM »
Quote
think configuring the Box as a Router seems more sensible as it would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER. How can I configure my RH 8.0 to act as a non NAT Router for the two interfaces allowing anyone to access it as a gateway. And the second NIC does not have a PUBLIC IP but has a Static IP on my ISP's network.
Well your requirement suggest to use firewall. Also when u are using redirect for transpransy then no one can access http directly as it get reidrected  to  squid. For other ports u can include following lines in your rc.nat . I have given example for two ports only . You can use more.

Code: [Select]
iptables -A INPUT -p udp -i eth0 --dport 21 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 22 -j  DROP
You have to enable ip forwarding.
Lastly make sure that u r able to access internet  from your any client without entering the proxy ports . If u r unable then ur proxy is not transparent.
Also NAT works for static ip network. Dont forget to add DNS servers of ur ISP in every client

Offline ashwin_ice

  • Linux Noob !
  • *
  • Posts: 10
Sorry I saw ur reply in this Thread Just now
« Reply #10 on: January 06, 2004, 12:17:26 PM »
:(  Um awfully sorry ricky... I just saw your reply to my posting which I hadn't realised that I'd pasted in someone else's Thread. I was just retracing the solution u'd given me and I saw my post and your reply to the same just now  :( . This makes a lot of sense ricky.. configuring ports I want directly routed to use the router and HTTP browsers to use Squid.  Thank you so much but I hope this is all that I have to do...

Firstly I need to flush all the earlier TRANSPARENT PROXY settings which I'd made with these commands u'd posted earlier in this thread:

iptables=/sbin/iptables

$iptables --flush -t nat

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward  


Then


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Then

iptables -A INPUT -p udp -i eth0 --dport 21 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 22 -j  DROP
iptables -A INPUT -p smtp -i eth0 dport 25 -j DROP
                               "
Now Ricky Why r we saying Drop and I guess the Forwarding has been done in the previous step Correct  :D ! Now like is this enough or Do I need to configure more...

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
IP masq and squid proxy.
« Reply #11 on: January 06, 2004, 02:22:52 PM »
Quote
Now Ricky Why r we saying Drop and I guess the Forwarding has been done in the previous step Correct  ! Now like is this enough or Do I need to configure more...

You don't need to use Drop at all. I suggest you as you was saying to do..
Also i have understood your earlier requirements wrongly ie.. you said..  
Quote
would allow my clients to directly use the box as a ROUTER not as a NAT ROUTER.  
well saying router and NAT router is same thing. .. but the table about redirecting has done every thing already..  if you need more then instead of dropping you can redirect that to 8080 port.. Also you don't need more masquradind.. only one line is required..