Transparents squid problem

muhaur · n00b Joined: 30 Jul 2005 Posts: 8

i m running redhat linux enterprize edition and i configured squid and internet was running on client's PC.
but when i was going to configure the transparents squid then it causes problem and now internet is not running on client's PC.

i also want to know, what i did wronge that causes that now internet is not running.
now i want to tell my scenario
i have two PCs one on which squid server is running and second is the client's PC.
i ve two thernet cards eth0 (internet provider connection) and eth1( attacjhed to the client's PC). To make the squid server as transparent i run this command

iptables-t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

.iptables-t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

unfortunately i run above command on both interfaces and now internet is not running. what is wronge in that.

kawsper · Posted: Sun Jul 31, 2005 1:55 am Post subject:

Why are you doing it on both in and out?
The only thing i can remind as a problem is that a client is requesting a page on port 80, iptables redirects the attempt to squid, and while squid is fetching the file from port 80 out, you are redirecting squids fetching attempt to port 3128, so if i am your client, i connect to the, and try to fetch google.com, i am getting google.com on port 3128, which doesnt exists, and there are your problem.

Its only incoming connections on port 80 that should be redirected to squid on the internal network card.
_________________
Laptop: Zepto 2314W, Pentium M 730, 512 Mb Pc-3200
Server 1: Athlon XP 3200+ | Asus A7V880 | 768 Mb DDR Pc-3200
Server 2: Pentium III Coppermine | Unknown MB | 64 Mb
All running Gentoo

www.hyggenet.org - IRC-Network for the pleasant atmosphere.

muhaur · n00b Joined: 30 Jul 2005 Posts: 8

you are right but when i apply this command to redirect the internal client's request from 80 to 3128 it did not work. so i though that i should also apply this to the external ethernet (from where i m getting internet service) aswell. after that its not working at all. pls also tell me how can i come to my previous configuration, i mean how can i delete the previous iptables configuration. from where i can finish or edit the iptable configuration.
looking to hearing from you.

kawsper · Posted: Sun Jul 31, 2005 5:50 am Post subject:

You can try using a script i once runned on my server, it's a very basic one, but it should do the job quite well.

muhaur · n00b Joined: 30 Jul 2005 Posts: 8

thanx , right now i am somewhere, i ll try after 10 hour i ll try it.
thanx again
Bye

kawsper · Posted: Sun Jul 31, 2005 7:09 am Post subject:

Too bad, and bad style dude, you have to use gentoo ALL THE TIME and be home with the system all the time. At least use a SSH to the system :roll:

Me? Geeky? No! :wink:

When you come back please give feedback, others may find it useful, and i will be here to help

_________________
Laptop: Zepto 2314W, Pentium M 730, 512 Mb Pc-3200
Server 1: Athlon XP 3200+ | Asus A7V880 | 768 Mb DDR Pc-3200
Server 2: Pentium III Coppermine | Unknown MB | 64 Mb
All running Gentoo

www.hyggenet.org - IRC-Network for the pleasant atmosphere.

jani80k · n00b Joined: 07 Aug 2003 Posts: 40

ok this schouldn´t be too hard...
make sure you have this in your squid config:

muhaur · n00b Joined: 30 Jul 2005 Posts: 8

Thank u so much for reply and sorry for late.
the script that u send me is for when u r getting external as static. but in my scenario i am getting IP from DHCP server. so what changes should i make so that this scrpt can run according to my scenario.

muhaur · n00b Joined: 30 Jul 2005 Posts: 8

The script that u told me when i run that script. The results was amazing, one the client PC, proxy was defined when i run your script then it start working, browsing on Client PCs starts (but it should not start because that tine on Client PC proxy was defined while script says it dont need any proxy on client side) but after 1 minute browsing stop working. so what would the problem?

One mistake i previously did that i also told u that i run the following script for both internal and external ethernet
iptables -t nat -A PREROUTING -i eth2 -p tcp --destination-port 80 -j REDIRECT --to-port 3128 (Internal)
iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j REDIRECT --to-port 3128 (external)
how can i remove that command from external interface.
(on server machine it is doing browsing)

One thing more that i m getting IP from DHCP server so in your scrpt that u gave me i dont know how to modify the script to get ip from DHCP server so i simply see my ip that i was assigned that time from DHCP server and write that ip in your scrpt.

Whats wronge in that?
ihow to run squid transparently, even now i m unable to run with the help of proxy.

Thanx
Waiting for ur reply

the_mgt · Posted: Sat Aug 06, 2005 12:49 pm Post subject:

thanks to jani80k! i got my squid transparency problem fixed now!

@muhaur:
If you don't want to mess around with the iptables commands, you can use shorewall.
It writes the iptable rules for you, but has a very simple syntax in the config files.
And provides good howtos on their homepage. Very good for beginners!!