
Re: Transparent proxy - forwarding does not work



On Jan 17, 2008 2:37 PM, Mihira Fernando <mihiratheace@gmail.com> wrote:
>
> On Jan 14, 2008 7:26 PM, Eduardo M KALINOWSKI <ekalin@gmail.com> wrote:
> >
> >     I'm trying to set up a transparent caching proxy with Squid. I've
> > installed Squid, configured it, in particular using the line
> > http_port 3128 transparent
> >
> >     The proxy is working fine. If I specify the proxy manually, I can
> > see it being used from access.log, and note the results of caching.
> >
> >     However, the automatic forwarding is not working. First, I've
> > enabled forwarding with
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> >     Then, following instructions found on the internet, I've run
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > to set up automatic forwarding of http requests. The command runs fine,
> > and the rule is added:
> > # iptables -t nat -L
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> >     However, the forwarding simply does not happen. Requests do not pass
> > through the proxy, everything works as before.
> >
> >     Is there anything that is missing?
> >
> >     Kernel is linux-image-2.6.22-2-amd64, version 2.6.22-4 . Now I'm
> > using squid3 version 3.0.STABLE1-1, but I've also tried with squid
> > 2.6.17-1, and the results are the same.
> >
> > Thanks in advance,
> >
> > --
> > History repeats itself.  That's one thing wrong with history.
> >
> > Eduardo M KALINOWSKI
> > ekalin@gmail.com
> > http://move.to/hpkb
> >
>
> I have the almost exact setup with Squid 2.6 and it works fine. One
> point though, I have 2 network interfaces, eth0 for internet and eth1
> for LAN.
>
> Squid listens only on eth1 and loopback in transparent mode.
>
> http_port my.lan.ip:3128 transparent
> http_port 127.0.0.1:3128 transparent
>
> Mihira.

Forgot to add :

iptables is set for the LAN interface (eth1) for the port redirection

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

and port redirection on the internet interface (eth0)

Mihira.

-- 
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers
has been approved.
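
The two messages differ in which interface carries the PREROUTING REDIRECT rule (eth0 in the question, eth1 for the LAN in the reply). The following is an added example, not part of either poster's message: a check over `iptables-save -t nat` style output for a port-80 REDIRECT on a given interface. The `has_redirect` helper and the sample rules (built from the rule in the question) are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a port-80 REDIRECT to the proxy port exists
# on the interface where client traffic actually arrives.

# Constructed sample in `iptables-save -t nat` format, mirroring the
# rule from the original question (redirect attached to eth0).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# has_redirect IFACE PORT  (saved rules on stdin)
# Exit status 0 if PREROUTING redirects tcp/80 arriving on IFACE to PORT.
has_redirect() {
    iface=$1 port=$2
    awk -v iface="$iface" -v port="$port" '
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")      in_if  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (in_if == iface && dport == "80" &&
                target == "REDIRECT" && to == port)
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Report coverage for both interfaces named in the thread.
for i in eth0 eth1; do
    if printf '%s\n' "$SAMPLE_RULES" | has_redirect "$i" 3128; then
        echo "$i: port 80 is redirected to 3128"
    else
        echo "$i: no redirect rule, HTTP arriving here is not sent to Squid"
    fi
done
```

On a live system the same function can be fed from `iptables-save -t nat` instead of the sample string.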

