problem in configuring squid transparent proxy on FC3

Ankush Grover ankush174 at gmail.com
Tue Jul 11 17:33:23 UTC 2006


>
> That rule is in the NAT table, you can see it with.
>
>        iptables -t nat -nvL
>
> or to see both filter and nat tables together.
>
>        iptables -nvL ; iptables -t nat -nvL
>
The output of the command "iptables -t nat -nvL" is attached with this
email in the squid.txt file. There are about 20 entries when I do
iptables -t nat -nvL; is it normal to have this many entries? I have
only applied this rule to iptables:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport
80 -j REDIRECT --to-port 3128



> I also think you need a subnet declaration for your squid ACLs, because
> you are using "src" - see your conf file for more description on proper
> declarations.
>
> vi /etc/squid/squid.conf
>
>        acl INTERNAL-NETWORK src 192.168.2.0/24
>        http_access allow INTERNAL-NETWORK
>

    I have corrected this mistake of mine. I have added the subnet
mask to the src acl (192.168.2.0/24).

> Remember, your transparent proxy is a redirection of HTTP requests (port
> 80) to your proxy cache (port 3128). Squid then handles the request
> transparently, the client doesn't realise the change in network packet
> flow. To test this properly, you can either disable packet forwarding on
> the FC3 box, or set your iptables forward policy to drop everything.
>
>        iptables -P FORWARD DROP
>
IP forwarding is already disabled on the system:

 sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1

But I am still not able to browse from the 192.168.2.0 domain. I have
a machine whose IP address is 192.168.2.88, and the gateway of this
machine is 192.168.2.126 (eth1 on FC3).

I can ping from 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to
192.168.2.88, but from 192.168.2.88 I am not able to browse the
internet.

Any pointers as to what the problem could be?

Thanks & Regards

Ankush Grover
-------------- next part --------------
iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination 
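The attached listing shows the two things worth checking before touching squid: every REDIRECT rule has a packet count of 0, so no port-80 traffic from the LAN has been seen by PREROUTING at all, and the chain holds many copies of the same rule (plus rules with no source restriction, one on "ethi" and one on eth0), which is what happens when "iptables -A" is re-run without flushing first. The script below is an added example, not part of the original message or of Fedora or Squid; it audits an embedded, abridged copy of that listing offline (no root needed), counts duplicate and over-broad REDIRECT rules, and prints an idempotent replacement. The interface eth1, subnet 192.168.2.0/24 and port 3128 are taken from the post; the INPUT rule it prints is an assumption about a typical setup, since redirected packets are delivered to the local squid process and must pass the INPUT chain.

```shell
#!/bin/sh
# Added example (not from the original post): audit a saved
# "iptables -t nat -nvL" listing for duplicate and over-broad REDIRECT
# rules, check whether any rule has ever matched a packet, and emit an
# idempotent replacement rule set. Works entirely offline.

LAN_IF=eth1             # assumption: internal interface, as in the post
LAN_NET=192.168.2.0/24  # assumption: internal subnet, as in the post
SQUID_PORT=3128         # squid's listening port, as in the post

# Constructed sample: an abridged copy of the PREROUTING listing attached
# to the post (the "ethi" interface line is reproduced as it appears there).
SAMPLE_NAT_LISTING='Chain PREROUTING (policy ACCEPT 293 packets, 50998 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  ethi   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth1   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   *       192.168.2.0/24       0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 2964 packets, 96105 bytes)
 pkts bytes target     prot opt in     out     source               destination
'

# Number of REDIRECT rules in the PREROUTING chain of a listing on stdin.
# Field layout of a rule line: $1 pkts, $3 target, $6 in-interface,
# $8 source, $9 destination.
count_redirect_rules() {
    awk '/^Chain /{chain=$2}
         chain=="PREROUTING" && $3=="REDIRECT"{n++}
         END{print n+0}'
}

# REDIRECT rules whose in-interface is not $1 or whose source is not $2.
# A 0.0.0.0/0 source, or a rule bound to the external interface, sends
# traffic that was never meant for the proxy into squid.
count_overbroad_rules() {
    awk -v lan_if="$1" -v lan_net="$2" '
        /^Chain /{chain=$2}
        chain=="PREROUTING" && $3=="REDIRECT" && ($6!=lan_if || $8!=lan_net){n++}
        END{print n+0}'
}

# Exact duplicates (same in-interface, source and destination). Each
# re-run of "iptables -A" without a flush appends one more copy.
count_duplicate_rules() {
    awk '/^Chain /{chain=$2}
         chain=="PREROUTING" && $3=="REDIRECT"{seen[$6" "$8" "$9]++}
         END{d=0; for(k in seen) if(seen[k]>1) d+=seen[k]-1; print d}'
}

# Total packets counted across all PREROUTING REDIRECT rules. Zero means
# no port-80 traffic has reached the box, so the fault is upstream of squid.
sum_redirect_packets() {
    awk '/^Chain /{chain=$2}
         chain=="PREROUTING" && $3=="REDIRECT"{p+=$1}
         END{print p+0}'
}

# Idempotent replacement: flush the chain, then add the single rule once.
# Printed rather than executed so this is safe to run anywhere; review it,
# then pipe into sh on the proxy host. The INPUT rule is an assumption
# about a typical setup: redirected packets still traverse INPUT.
print_fixed_rules() {
    cat <<EOF
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -i $1 -s $2 -p tcp --dport 80 -j REDIRECT --to-port $3
iptables -A INPUT -i $1 -s $2 -p tcp --dport $3 -j ACCEPT
EOF
}

# Run the audit over the embedded sample and summarise.
audit_sample() {
    echo "REDIRECT rules:        $(printf '%s' "$SAMPLE_NAT_LISTING" | count_redirect_rules)"
    echo "over-broad rules:      $(printf '%s' "$SAMPLE_NAT_LISTING" | count_overbroad_rules "$LAN_IF" "$LAN_NET")"
    echo "duplicate rules:       $(printf '%s' "$SAMPLE_NAT_LISTING" | count_duplicate_rules)"
    echo "packets ever matched:  $(printf '%s' "$SAMPLE_NAT_LISTING" | sum_redirect_packets)"
    echo "replacement rule set:"
    print_fixed_rules "$LAN_IF" "$LAN_NET" "$SQUID_PORT"
}

audit_sample
```

To audit the live box instead of the sample, replace the printf with `iptables -t nat -nvL | count_redirect_rules` and so on. Two caveats that follow from the listing rather than from squid: with every counter at 0, confirm the client is actually sending HTTP to the gateway (for instance `tcpdump -ni eth1 tcp port 80` while browsing from 192.168.2.88) before reading squid logs, and remember that only TCP port 80 is redirected, so with ip_forward = 0 the client's DNS lookups and any non-port-80 traffic are dropped unless the gateway itself serves or forwards them. Squid also has to be told to accept intercepted connections on 3128; the directive for that differs between Squid releases, so check the squid.conf shipped with the installed package.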

