[SQU] transparent proxy

From: Balaji <balaji@dont-contact.us>
Date: Mon, 18 Sep 2000 01:10:08 -0700

Hi all,
I am using an RH 6.2 box (complete install) as my internet gateway. I am using a modem to connect to the internet. I have configured ipchains for the firewall and Squid for the proxy. Everything works fine. But when I try to implement a transparent proxy, nothing happens.

If I specify the proxy address in the browser (port 8080), it works fine.

If I don't specify the proxy address in the browser, it again works fine, but here it uses the gateway to go out. What I want is to redirect all requests to port 80 to port 8080.

These are my Squid and firewall scripts:

# rc.firewall

#!/bin/sh
/sbin/depmod -a # allows loading of modules into the kernel

# The following are custom modules, which allows use of
# tricky protocols through the firewall. It's general rule
# to use only those really needed.

/sbin/modprobe ip_masq_ftp # to FTP out
/sbin/modprobe ip_masq_raudio # enable RealAudio
/sbin/modprobe ip_masq_irc # enable IRC DCC
/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960 # Quake I/II/III
/sbin/modprobe ip_masq_cuseeme # CuSeeMe
/sbin/modprobe ip_masq_vdolive # VDO-live

echo "1" > /proc/sys/net/ipv4/ip_forward # Enables IP Forwarding! Important!
echo "1" > /proc/sys/net/ipv4/ip_dynaddr # Do this if on a dialup (ppp0)

/sbin/ipchains -M -S 7200 10 160 # Set timeouts on masquerading sessions.
# Here, 2 hours idle for TCP sessions
# 10 seconds after a TCP FIN is received
# 2 minutes for UDP packets

/sbin/ipchains -P forward DENY # By default, deny packet forwarding
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ # Enable IP masquerading
# 192.168.0.0/24 is the subnet of our
# internal network. This must be changed
# to reflect the proper subnet of your
# internal network, otherwise masq'ing
# will fail. Try Daryl's Subnet Calc.
# ipprimer.windsorcs.com/subnet.html

/sbin/ipchains -N infilt # create a new "chain" named infilt
/sbin/ipchains -A input -i ppp0 -j infilt # use infilt to check data from eth1
/sbin/ipchains -A infilt -s 192.168.0.0/24 -l -j DENY
# deny anything from eth1 (the Internet
# interface) that says it's coming
# from the internal network. This will
# help prevent spoofing.

-------------------------------

#Squid.conf
http_port 8080
httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

-------------------------

I added this line to start the transparent proxy, and it fails here...

#Send all traffic destined to port 80 to squid on port 8080
/sbin/ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 80 -j REDIRECT 8080

The IP address of my gateway server is 192.168.0.1

Regards,
-Balaji

Received on Mon Sep 18 2000 - 02:12:49 MDT
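
The following consistency check is an added example, not part of the original post or of Squid. It compares the quoted squid.conf settings with the quoted ipchains REDIRECT rule. It assumes Squid 2.x semantics, where httpd_accel_port is the origin-server port Squid uses when rebuilding the URL of an intercepted request; the function names are hypothetical and the sample input is reconstructed from the message.

```python
import shlex

# Constructed input: the settings quoted in the post above.
SQUID_CONF = """\
http_port 8080
httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
"""
REDIRECT_RULE = ("/sbin/ipchains -A input -p tcp -s 192.168.0.0/24 "
                 "-d 0/0 80 -j REDIRECT 8080")

def parse_squid_conf(text):
    """Return {directive: value}, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def parse_redirect(rule):
    """Return (intercepted_port, redirect_port) from an ipchains REDIRECT rule."""
    tok = shlex.split(rule)
    dst, jump = tok.index("-d"), tok.index("-j")
    if tok[jump + 1] != "REDIRECT":
        raise ValueError("not a REDIRECT rule")
    # ipchains syntax: "-d address port" and "-j REDIRECT port"
    return int(tok[dst + 2]), int(tok[jump + 2])

def check(conf_text, rule):
    """List mismatches between the REDIRECT rule and the Squid settings."""
    conf = parse_squid_conf(conf_text)
    intercepted, target = parse_redirect(rule)
    # Assumed Squid 2.x semantics: httpd_accel_port is the origin-server port
    # Squid puts into the rebuilt URL, so it must match the intercepted port.
    expected = {
        "http_port": str(target),
        "httpd_accel_host": "virtual",
        "httpd_accel_port": str(intercepted),
        "httpd_accel_with_proxy": "on",
        "httpd_accel_uses_host_header": "on",
    }
    return [f"{key}: found {conf.get(key)!r}, expected {want!r}"
            for key, want in expected.items() if conf.get(key) != want]

if __name__ == "__main__":
    for finding in check(SQUID_CONF, REDIRECT_RULE):
        print(finding)
```

An empty result only means the two files agree with each other; it does not show that the kernel applies the REDIRECT rule.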
