* Ethernet port redirection
@ 2005-01-05 15:22 Navneet
2005-01-05 15:52 ` Jason Opperisano
2005-01-07 11:05 ` Askar
0 siblings, 2 replies; 5+ messages in thread
From: Navneet @ 2005-01-05 15:22 UTC
To: netfilter
Hi,
Now, please check this out:
I was trying to run squid in transparent mode (Transparent Proxying).
System details:
RedHat Linux 9
eth0 133.147.171.169/8 [Internal NIC]
eth1 172.21.133/14 [External NIC]
All HTTP requests get REDIRECTED to squid at eth0 (Internal). It should work
as Gateway by means of eth1 (External).
I've done this:
1. Enabled IP forwarding
# echo "1" > /proc/sys/net/ipv4/ip_forward
2. iptables (Netfilter) PORT REDIRECTION:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Port is not getting REDIRECTED as per the above iptables rule.
Why is it so?
Thanks
Regards,
Navneet
"Learning Linux"
Reference:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/TransparentProxy
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
http://www.iptablesrocks.org/
* Re: Ethernet port redirection
2005-01-05 15:22 Ethernet port redirection Navneet
@ 2005-01-05 15:52 ` Jason Opperisano
2005-01-06 23:48 ` Jose Maria Lopez
[not found] ` <002501c4f4b6$278eed40$eaab9385@gagan>
2005-01-07 11:05 ` Askar
1 sibling, 2 replies; 5+ messages in thread
From: Jason Opperisano @ 2005-01-05 15:52 UTC
To: netfilter
On Wed, Jan 05, 2005 at 08:52:06PM +0530, Navneet wrote:
> Hi,
>
> Now, please check this out:
> I was trying to run squid in transparent mode (Transparent Proxying).
>
> System details:
> RedHat Linux 9
> eth0 133.147.171.169/8 [Internal NIC]
> eth1 172.21.133/14 [External NIC]
maybe i'm being silly--but it sure looks to me like eth0 is external and
eth1 is internal.
> All HTTP requests get REDIRECTED to squid at eth0 (Internal). It should work
> as Gateway by means of eth1 (External).
>
> I've done this:
> 1. Enabled IP forwarding
> # echo "1" > /proc/sys/net/ipv4/ip_forward
> 2. iptables (Netfilter) PORT REDIRECTION:
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
are you *positive* that you don't mean eth1 there?
-j
--
"Ah, good ol' trustworthy beer. My love for you will never die."
--The Simpsons
* Re: Ethernet port redirection
2005-01-05 15:52 ` Jason Opperisano
@ 2005-01-06 23:48 ` Jose Maria Lopez
[not found] ` <002501c4f4b6$278eed40$eaab9385@gagan>
1 sibling, 0 replies; 5+ messages in thread
From: Jose Maria Lopez @ 2005-01-06 23:48 UTC
To: netfilter@lists.netfilter.org
I would like to add that maybe he has not configured the
squid proxy properly; it needs to be configured to do the
transparent proxy thing. If you don't do it, the iptables
rules are useless.
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
* Re: Ethernet port redirection
2005-01-05 15:22 Ethernet port redirection Navneet
2005-01-05 15:52 ` Jason Opperisano
@ 2005-01-07 11:05 ` Askar
1 sibling, 0 replies; 5+ messages in thread
From: Askar @ 2005-01-07 11:05 UTC
To: Navneet; +Cc: netfilter
make sure squid is configured for transparent proxying "interception"
* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on
regards
--
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)
* Re: Ethernet port redirection
[not found] ` <002501c4f4b6$278eed40$eaab9385@gagan>
@ 2005-01-07 13:47 ` Jason Opperisano
0 siblings, 0 replies; 5+ messages in thread
From: Jason Opperisano @ 2005-01-07 13:47 UTC
To: Navneet; +Cc: netfilter
On Fri, 2005-01-07 at 07:41, Navneet wrote:
> > On Wed, Jan 05, 2005 at 08:52:06PM +0530, Navneet wrote:
> > > Hi,
> > >
> > > Now, please check this out:
> > > I was trying to run squid in transparent mode (Transparent Proxying).
> > >
> > > System details:
> > > RedHat Linux 9
> > > eth0 133.147.171.169/8 [Internal NIC]
> > > eth1 172.21.133/14 [External NIC]
> >
> > maybe i'm being silly--but it sure looks to me like eth0 is external and
> > eth1 is internal.
>
> No, it's not. eth0 is being used as internal GW & eth1 as external.
>
> Any reason for you being silly... about eth0 as internal & eth1 as external?
> please suggest
because the IP on eth0 is 133.147.169 and the IP on eth1 is 172.21.133,
which is from an RFC1918 range.
> > > All HTTP requests get REDIRECTED to squid at eth0 (Internal). It should work
> > > as Gateway by means of eth1 (External).
> > >
> > > I've done this:
> > > 1. Enabled IP forwarding
> > > # echo "1" > /proc/sys/net/ipv4/ip_forward
> > > 2. iptables (Netfilter) PORT REDIRECTION:
> > > # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> >
> > are you *positive* that you don't mean eth1 there?
>
> yes of course I am very +ve about it. eth0 should be there...
your REDIRECT rule is correct--do you also have an INPUT rule that
allows traffic to connect to 172.21.133:3128 on eth1? do you also have
an OUTPUT rule that allows the gateway to resolve DNS, and fetch HTTP
content?
someone else asked this, but are you sure you have squid compiled with
transparent proxying support and have you configured it to support
transparent proxying?
-j
--
"Default! The two sweetest words in the English language!"
--The Simpsons
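The checks raised in the replies above (the REDIRECT rule, an INPUT rule for port 3128, and the squid.conf directives Askar lists), written out as an added example that is not part of any poster's message. It audits iptables-save style text and squid.conf text passed in as strings; the sample data is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not taken from the thread.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'
SAMPLE_SQUID='http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on'

# True if a PREROUTING rule redirects tcp/80 arriving on iface $2 to port $3.
has_redirect() {
    printf '%s\n' "$1" | grep -Eq -e \
        "^-A PREROUTING .*-i $2 .*--dport 80 .*-j REDIRECT --to-ports $3\$"
}

# True if INPUT lets the redirected packets reach the proxy: policy ACCEPT, or
# an explicit ACCEPT for tcp/$3 on $2. Simplified: rule order is not evaluated.
input_allows() {
    printf '%s\n' "$1" | grep -Eq -e '^:INPUT ACCEPT ' && return 0
    printf '%s\n' "$1" | grep -Eq -e "^-A INPUT .*-i $2 .*--dport $3 .*-j ACCEPT"
}

# Prints each httpd_accel_* directive from Askar's list that the squid.conf
# text in $1 does not set to the listed value.
missing_squid_directives() {
    for d in 'httpd_accel_host virtual' 'httpd_accel_port 80' \
             'httpd_accel_with_proxy on' 'httpd_accel_uses_host_header on'; do
        key=${d% *}; val=${d#* }
        printf '%s\n' "$1" |
            grep -Eq -e "^[[:space:]]*$key[[:space:]]+$val([[:space:]]|\$)" ||
            echo "$d"
    done
}

# One finding per line; no output means every check passed.
audit() {   # $1 rules text, $2 squid.conf text, $3 inside iface, $4 proxy port
    has_redirect "$1" "$3" "$4" || echo "no REDIRECT of tcp/80 on $3 to port $4"
    input_allows "$1" "$3" "$4" || echo "INPUT does not accept tcp/$4 on $3"
    missing_squid_directives "$2" | sed 's/^/squid.conf lacks: /'
}

audit "$SAMPLE_RULES" "$SAMPLE_SQUID" eth0 3128
```

On a live gateway the same function can be fed real state as root, e.g. `audit "$(iptables-save)" "$(cat /etc/squid/squid.conf)" eth0 3128`; the squid.conf path is an assumption.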