* Ethernet port redirection
From: Navneet @ 2005-01-05 15:22 UTC
To: netfilter

Hi,

Now, please check this out :-
I was trying to run squid in transparent mode (Transparent Proxying)?

System details:
RedHat Linux 9
eth0 133.147.171.169/8 [Internal NIC]
eth1 172.21.133/14 [External NIC]

All http request get REDIRECTED to squid at eth0 (Internal). It should work
as Gateway by means of eth1 (External).

i've done this:
1. Enabled IP forwarding
   # echo "1" >/proc/sys/net/ipv4/ip_forward
2. iptables (Netfilter) PORT REDIRECTION:
   # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Port not getting REDIRECTED as per above iptables rule?
Why is it so?

Thanks

Regards,
Navneet

"Learning Linux"

Reference:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/TransparentProxy
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
http://www.iptablesrocks.org/

* Re: Ethernet port redirection
From: Jason Opperisano @ 2005-01-05 15:52 UTC
To: netfilter

On Wed, Jan 05, 2005 at 08:52:06PM +0530, Navneet wrote:
> Hi,
>
> Now, please check this out :-
> I was trying to run squid in transparent mode (Transparent Proxying)?
>
> System details:
> RedHat Linux 9
> eth0 133.147.171.169/8 [Internal NIC]
> eth1 172.21.133/14 [External NIC]

maybe i'm being silly--but it sure looks to me like eth0 is external and
eth1 is internal.

> All http request get REDIRECTED to squid at eth0 (Internal). It should work
> as Gateway by means of eth1 (External).
>
> i've done this:
> 1. Enabled IP forwarding
>    # echo "1" >/proc/sys/net/ipv4/ip_forward
> 2. iptables (Netfilter) PORT REDIRECTION:
>    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>    REDIRECT --to-port 3128

are you *positive* that you don't mean eth1 there?

-j

--
"Ah, good ol' trustworthy beer. My love for you will never die."
--The Simpsons

* Re: Ethernet port redirection
From: Jose Maria Lopez @ 2005-01-06 23:48 UTC
To: netfilter@lists.netfilter.org

On Wed, 05-01-2005 at 16:52, Jason Opperisano wrote:
> On Wed, Jan 05, 2005 at 08:52:06PM +0530, Navneet wrote:
> > Hi,
> >
> > Now, please check this out :-
> > I was trying to run squid in transparent mode (Transparent Proxying)?
> >
> > System details:
> > RedHat Linux 9
> > eth0 133.147.171.169/8 [Internal NIC]
> > eth1 172.21.133/14 [External NIC]
>
> maybe i'm being silly--but it sure looks to me like eth0 is external and
> eth1 is internal.
>
> > All http request get REDIRECTED to squid at eth0 (Internal). It should work
> > as Gateway by means of eth1 (External).
> >
> > i've done this:
> > 1. Enabled IP forwarding
> >    # echo "1" >/proc/sys/net/ipv4/ip_forward
> > 2. iptables (Netfilter) PORT REDIRECTION:
> >    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> >    REDIRECT --to-port 3128
>
> are you *positive* that you don't mean eth1 there?
>
> -j
>
> --
> "Ah, good ol' trustworthy beer. My love for you will never die."
> --The Simpsons

I would like to add that maybe he has not configured the squid
proxy properly; it needs to be configured to do the transparent
proxy thing. If you don't do it the iptables rules are useless.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

[parent not found: <002501c4f4b6$278eed40$eaab9385@gagan>]
* Re: Ethernet port redirection
From: Jason Opperisano @ 2005-01-07 13:47 UTC
To: Navneet; +Cc: netfilter

On Fri, 2005-01-07 at 07:41, Navneet wrote:
> > On Wed, Jan 05, 2005 at 08:52:06PM +0530, Navneet wrote:
> > > Hi,
> > >
> > > Now, please check this out :-
> > > I was trying to run squid in transparent mode (Transparent Proxying)?
> > >
> > > System details:
> > > RedHat Linux 9
> > > eth0 133.147.171.169/8 [Internal NIC]
> > > eth1 172.21.133/14 [External NIC]
> >
> > maybe i'm being silly--but it sure looks to me like eth0 is external and
> > eth1 is internal.
>
> No it's not. eth0 is being used as internal GW & eth1 as external.
>
> Any reason for you being silly...about eth0 as internal & eth1 as external ?
> please suggest

because the IP on eth0 is 133.147.169 and the IP on eth1 is 172.21.133,
which is from an RFC1918 range.

> > > All http request get REDIRECTED to squid at eth0 (Internal). It should work
> > > as Gateway by means of eth1 (External).
> > >
> > > i've done this:
> > > 1. Enabled IP forwarding
> > >    # echo "1" >/proc/sys/net/ipv4/ip_forward
> > > 2. iptables (Netfilter) PORT REDIRECTION:
> > >    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> > >    REDIRECT --to-port 3128
> >
> > are you *positive* that you don't mean eth1 there?
>
> yes of course i am very +ve about it. eth0 should be there...

your REDIRECT rule is correct--do you also have an INPUT rule that
allows traffic to connect to 172.21.133:3128 on eth1?

do you also have an OUTPUT rule that allows the gateway to resolve DNS,
and fetch HTTP content?

someone else asked this, but are you sure you have squid compiled with
transparent proxying support and have you configured it to support
transparent proxying?

-j

--
"Default! The two sweetest words in the English language!"
--The Simpsons

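Added example (not part of the thread and not any poster's code): a shell audit of an iptables-save dump for the items raised in the reply above, namely the nat REDIRECT of port 80 to 3128, an INPUT accept for tcp/3128, and OUTPUT accepts for DNS and HTTP. The ruleset is constructed for illustration, the function names are hypothetical, and the matching is a heuristic that does not evaluate rule order.

```shell
#!/bin/sh
# Added example: audit iptables-save text for a transparent-proxy gateway.
# SAMPLE_RULES is constructed for illustration; it is not from the thread.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# section TABLE: print the lines of one table from iptables-save text on stdin.
section() {
    awk -v t="*$1" '/^\*/ { on = ($0 == t); next } on'
}

# allowed RULES CHAIN PROTO PORT: succeed if the filter chain's policy is
# ACCEPT or some rule in it accepts PROTO to destination PORT.
# Heuristic only: rule order, -s/-d/-i limits and multiport are not evaluated.
allowed() {
    filt=$(printf '%s\n' "$1" | section filter)
    printf '%s\n' "$filt" | grep -Eq "^:$2 ACCEPT " && return 0
    printf '%s\n' "$filt" | grep -E "^-A $2 " | grep -e "-p $3 " |
        grep -e "--dport $4 " | grep -q -e "-j ACCEPT"
}

# audit RULES: print a space-separated list of missing pieces (empty = none).
audit() {
    missing=""
    printf '%s\n' "$1" | section nat | grep -E '^-A PREROUTING ' |
        grep -e '--dport 80 ' |
        grep -Eq -e '-j REDIRECT --to-ports? 3128( |$)' ||
        missing="$missing redirect-80-to-3128"
    allowed "$1" INPUT tcp 3128 || missing="$missing input-tcp-3128"
    allowed "$1" OUTPUT udp 53 || missing="$missing output-dns"
    allowed "$1" OUTPUT tcp 80 || missing="$missing output-http"
    echo "${missing# }"
}

audit "$SAMPLE_RULES"
```

On a live gateway the same check can be fed from `iptables-save` run as root, e.g. `audit "$(iptables-save)"`.
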
* Re: Ethernet port redirection
From: Askar @ 2005-01-07 11:05 UTC
To: Navneet; +Cc: netfilter

make sure squid is configured for transparent proxying "interception"

* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on

regards

On Wed, 5 Jan 2005 20:52:06 +0530, Navneet <navneetkc@gmail.com> wrote:
> Hi,
>
> Now, please check this out :-
> I was trying to run squid in transparent mode (Transparent Proxying)?
>
> System details:
> RedHat Linux 9
> eth0 133.147.171.169/8 [Internal NIC]
> eth1 172.21.133/14 [External NIC]
>
> All http request get REDIRECTED to squid at eth0 (Internal). It should work
> as Gateway by means of eth1 (External).
>
> i've done this:
> 1. Enabled IP forwarding
>    # echo "1" >/proc/sys/net/ipv4/ip_forward
> 2. iptables (Netfilter) PORT REDIRECTION:
>    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>    REDIRECT --to-port 3128
>
> Port not getting REDIRECTED as per above iptables rule?
> Why is it so?
>
> Thanks
>
> Regards,
> Navneet
>
> "Learning Linux"
>
> Reference:
> http://www.ibiblio.org/pub/Linux/docs/HOWTO/TransparentProxy
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> http://www.iptablesrocks.org/
>
>

--
(after bouncing head on desk for days trying to get mine working, I'll
make your life a little easier)