[K12OSN] transparent proxying with LTSP--SOLVED

Brad Johnson bjohnson at independence.k12.ia.us
Fri Feb 24 02:47:07 UTC 2006 

	
On Feb 23, 2006, at 11:18 AM, Mike Ely wrote:

> Brad Johnson wrote:
>> On Feb 23, 2006, at 10:28 AM, Mike Ely wrote:
>>>> Ok guys, after a little googling, here is what I came up with.    
>>>> Now, before I do this, please know that I am not currently  
>>>> running  ANY type of firewall on this LTSP box.  If I create the  
>>>> following  entry, do I need to then create additional entries to  
>>>> allow other  types of traffic?  I don't want my LTSP box to stop  
>>>> working  because of the following rules:
>>>> iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 - 
>>>> j  DNAT --to dansguardian/squid box:8080
>>>> Someone please tell me it's this easy!
>>>
>>> Actually, it's easier.  I've been running ipcop for a while  
>>> here,  and really you can just let 'er rip - don't bother with  
>>> that  ruleset. Install the advproxy and urlfilter mods for ipcop  
>>> ( http:// www.advproxy.net/ ), turn on "transparent mode" for the  
>>> proxy, and  you're golden.  If you set the ports the way you have  
>>> indicated,  you will break pages that specifically run on port  
>>> 8080...
>>>
>>> Cheers,
>>> Mike
>>>
>> Ok, so here's what I've got......
>> LTSP network connects to LSTP server--connects to remainder of  
>> LAN-- connects to Internet.  Where do I put the IPCop Box....do I  
>> put it  directly between LTSP and the remainder of the LAN?
>
> Ours sits between our LAN and the internet.  If the clients on your  
> LAN are transparently proxied, then your LTSP clients will also.   
> This applies to your current configuration as well.
>
> Mike
>
>

> Thanks for the help today guys.  I must admit, I am iptables- 
> challenged.  Since I currently already had a squid/danguardian box  
> on the network, my prefernce was to continue using it.  I then  
> found an old post on the list from 2003, courtesy of Eric Harrison,  
> that led me directly to this wiki link:
http://k12ltsp.org/phpwiki/index.php/WebFiltering%3AIntegration

which provided me with the two following rules:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination  
192.168.1.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to- 
destination 192.168.1.1:3128

>


magically, the tranparent proxying began working for my LTSP lab!   
Thanks to everyone!

Brad

More information about the K12OSN mailing list