Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => Linux Proxy Server Support => Topic started by: ilias on June 17, 2005, 07:14:07 AM
-
Hi all
I have installed a transparent proxy. It's working fine, but I am not able to block certain sites which I have in ACLs. Then I changed the settings in the browser, and now the ACLs are applied.
BUT users are removing the browser settings and are able to access restricted sites.
Please can anyone tell me
-
I think you have done NAT as well as proxy, but no transparent proxy.
Which means requests are directly getting served by NAT.
Make sure you are redirecting all requests on the squid machine for port 80 to squid's port, mostly 3128.
See the tutorial again for that!
-
As said in your tutorial, I have created a file called rc.nat in the rc.d directory and inserted three command lines in the order mentioned below.
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward
Still users are able to access restricted sites. Please see whether the rc.nat file is correct and suggest any changes. My eth0 is the public IP and eth1 is the private IP.
Thanks
-
OK, here I got the problem: you have made a mistake in the port forwarding.
The lines you have to modify are:
iptables --append FORWARD --in-interface eth0 -j ACCEPT
To...
iptables --append FORWARD --in-interface eth1 -j ACCEPT
And ....
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
To...
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
NOTE that I have changed eth0 to eth1 for you. And please also make sure that your squid is accepting connections on port 3128, which means you have set the following in squid.conf, so that squid will serve requests on port 3128:
http_port 3128
-
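Added example, not part of the thread or of the tutorial it refers to: a shell lint for the fix described in the reply above, checking that the port-80 REDIRECT rule in an rc.nat-style file sits on the LAN interface and targets a port Squid listens on. The function names `check_redirect` and `squid_listens`, the file names and the sample files are constructed for illustration; eth1, 3128 and the rules themselves come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint an rc.nat-style rule file.
# eth1 and port 3128 follow the thread; function and file names are constructed.

# check_redirect RULES LAN_IF PORT
#   0 = tcp/80 arriving on LAN_IF is redirected to PORT
#   1 = a REDIRECT rule exists but its interface or port differ
#   2 = no PREROUTING REDIRECT rule at all
check_redirect() {
    awk -v lan="$2" -v port="$3" '
        /^[ \t]*#/ { next }
        /iptables/ && /PREROUTING/ && /REDIRECT/ {
            in_if = dport = to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" || $i == "--in-interface") in_if = $(i + 1)
                if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
                if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
            }
            seen = 1
            if (in_if == lan && dport == "80" && to == port) ok = 1
            else printf "line %d: in=%s dport=%s to=%s\n", NR, in_if, dport, to
        }
        END { if (ok) exit 0; exit (seen ? 1 : 2) }
    ' "$1"
}

# squid_listens SQUID_CONF PORT: 0 when an http_port line names PORT
# (accepts the plain "http_port 3128" form and "http_port ip:3128").
squid_listens() {
    awk -v port="$2" '
        $1 == "http_port" { p = $2; sub(/^.*:/, "", p); if (p == port) found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample input: the rules as first posted, the corrected rules, a squid.conf.
demo=$(mktemp -d)
cat > "$demo/rc.nat.posted" <<'EOF'
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
EOF
sed 's/eth0 -j ACCEPT/eth1 -j ACCEPT/; s/-i eth0/-i eth1/' "$demo/rc.nat.posted" > "$demo/rc.nat.fixed"
printf 'http_port 3128\nhttp_port 80\n' > "$demo/squid.conf"

for f in posted fixed; do
    check_redirect "$demo/rc.nat.$f" eth1 3128 && echo "$f: redirect ok" || echo "$f: redirect NOT on eth1 -> 3128"
done
squid_listens "$demo/squid.conf" 3128 && echo "squid listens on 3128"
```
-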
Thanks a lot ricky, what about the first command line?
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
And my squid listens on both port 3128 and port 80.
Thanks
ilias
-
That first line is OK, and I think you should not make squid listen on port 80 as well, as many times it can cause conflicts with other applications. You can use any other port, like 6558, which I prefer as secondary!
-
OK, thanks ricky
-
After successfully installing the transparent proxy as said above, everything is fine except a glitch: I am not able to browse FTP sites. It asks for the user name and password. It keeps searching the directory listings.
"Getting contents of the folder" is displayed in the status bar. Please can anyone help me?
Thanks in advance
-
Basically that happens due to a slow internet uplink!
What do you say?
-
I have installed the transparent proxy especially for accessing FTP sites, but even after that it showed the above error. There is nothing wrong in the proxy settings.
I have changed the browser settings for passive mode, and it worked.
Thanks to one and all
-
I have configured the browser to listen in passive mode
-
I am happy to hear that ..
:)
-
Dear ..
Really, I thank you both. I had been struggling with this transparent configuration before this forum. Now I have got a solution and it is working fine. Once again, thanks to both.
Manojkumar.N.P.