[K12OSN] transparent proxying with LTSP--SOLVED
Brad Johnson
bjohnson at independence.k12.ia.us
Fri Feb 24 02:47:07 UTC 2006
On Feb 23, 2006, at 11:18 AM, Mike Ely wrote:
> Brad Johnson wrote:
>> On Feb 23, 2006, at 10:28 AM, Mike Ely wrote:
>>>> Ok guys, after a little googling, here is what I came up with.
>>>> Now, before I do this, please know that I am not currently
>>>> running ANY type of firewall on this LTSP box. If I create the
>>>> following entry, do I need to then create additional entries to
>>>> allow other types of traffic? I don't want my LTSP box to stop
>>>> working because of the following rules:
>>>> iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -
>>>> j DNAT --to dansguardian/squid box:8080
>>>> Someone please tell me it's this easy!
>>>
>>> Actually, it's easier. I've been running ipcop for a while
>>> here, and really you can just let 'er rip - don't bother with
>>> that ruleset. Install the advproxy and urlfilter mods for ipcop
>>> ( http:// www.advproxy.net/ ), turn on "transparent mode" for the
>>> proxy, and you're golden. If you set the ports the way you have
>>> indicated, you will break pages that specifically run on port
>>> 8080...
>>>
>>> Cheers,
>>> Mike
>>>
>> Ok, so here's what I've got......
>> LTSP network connects to LSTP server--connects to remainder of
>> LAN-- connects to Internet. Where do I put the IPCop Box....do I
>> put it directly between LTSP and the remainder of the LAN?
>
> Ours sits between our LAN and the internet. If the clients on your
> LAN are transparently proxied, then your LTSP clients will also.
> This applies to your current configuration as well.
>
> Mike
>
>
> Thanks for the help today guys. I must admit, I am iptables-
> challenged. Since I currently already had a squid/danguardian box
> on the network, my prefernce was to continue using it. I then
> found an old post on the list from 2003, courtesy of Eric Harrison,
> that led me directly to this wiki link:
http://k12ltsp.org/phpwiki/index.php/WebFiltering%3AIntegration
which provided me with the two following rules:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination
192.168.1.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-
destination 192.168.1.1:3128
>
magically, the tranparent proxying began working for my LTSP lab!
Thanks to everyone!
Brad
More information about the K12OSN
mailing list