Assalam o Alykum
machine = Fedora 6, squid 2.6 stable 4
internet line = DSL from PTCL through LAN modem 192.168.1.1
eth0 = ip = 192.168.1.3 connected with PTCL modem
sm = 255.255.255.0
default gw = 192.168.1.1
eth1 = ip = 192.168.10.10 connected to LAN users
sm = 255.255.255.0
Browsing is working on the client PCs after giving the IP in Explorer.
Yahoo and MSN Messenger are also connecting with the IP.
I want browsing and messenger to connect without the IP, i.e. transparent.
Please, someone tell me a solution.
IF ANY BROTHER SOLVES MY PROBLEM, I CAN ALSO MAKE PAYMENT, SO PLEASE CONTACT ME
Siraj Ahemd 0300 - 9217465
Required help by Cash
Re:
Dear Siraj Ahmed,
Salam,
Have you tried searching the Linux Pakistan Forum?
Post your squid configuration file along with your iptables rules.
Best Regards.
Farrukh Ahmed
transparent internet
Yaar, if you don't implement any rules for your end users or workstations, you don't require Squid.
You just run these two commands and you are automatically using a transparent proxy.
1) echo 1 > /proc/sys/net/ipv4/ip_forward
2) iptables -t nat -A POSTROUTING -o eth0 -p tcp -j MASQUERADE
If you run a firewall, stop the firewall service and the squid service.
INSHALLAH EVERYTHING WILL RUN PERFECTLY
GOD BLESS YOU
Syed Ovais Irfan
transparent internet
Yaar, did you do the steps that you were told?
First of all, do those steps.
Syed Ovais Irfan
Transparent proxy not working
DSL Modem (PTCL) 192.168.1.1 DHCP on
eth0 = from internet
ip from DHCP from PTCL modem ( 192.168.1.3 )
eth1= for LAN users
192.168.10.10
255.255.255.0
Squid Server ip 192.168.10.10:8080
DHCP on 192.168.11 to 192.168.70
Squid Basic Configuration
http_port 192.168.10.10:8080 transparent
http_port 80 vhost
http_port 127.0.0.1:8080 transparent
always_direct allow all
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl mynet src 192.168.10.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow mynet
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
my iptables rules
#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-set ... howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# -------------------------------------------------------------------------------------
# squid server IP
SQUID_SERVER="192.168.10.10"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="8080"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
then
service iptables save
chkconfig iptables on
service squid restart
chkconfig squid on
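An added check for the http_access ordering in the Squid configuration posted above (this is not part of the original thread; the function names are hypothetical and the reordered rule list is constructed). Squid evaluates http_access lines in order and stops at the first match, so the position of "http_access allow mynet" decides whether the Safe_ports and CONNECT guards ever apply to LAN clients.

```sh
# Added example. Squid stops at the first http_access line that matches.
# Print one finding per line for the squid.conf text on stdin.
audit_http_access() {
    awk '
    { sub(/#.*/, "") }                    # strip comments
    $1 != "http_access" { next }
    {
        n++
        rule = $2; for (i = 3; i <= NF; i++) rule = rule " " $i
        last_action = $2; last_rule = rule
        # First allow that is not the cache-manager rule.
        if ($2 == "allow" && rule !~ / manager/ && !allow_n) {
            allow_n = n; allow_rule = rule
        }
        # A guard listed after that allow never sees its clients.
        if ($2 == "deny" && rule ~ /!(Safe_ports|SSL_ports)/ && allow_n)
            printf "ORDER: \"%s\" (rule %d) matches before \"%s\" (rule %d)\n", allow_rule, allow_n, rule, n
    }
    END {
        # With no match, Squid applies the opposite of the last rule.
        if (n && last_rule != "deny all")
            printf "DEFAULT: no final \"deny all\"; unmatched requests are %s\n", (last_action == "deny" ? "allowed" : "denied")
    }'
}

# http_access lines in the order posted above.
posted_rules() {
    cat <<'EOF'
http_access allow mynet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
EOF
}

# Constructed reordering: guards first, LAN allow next, explicit final deny.
reordered_rules() {
    cat <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow mynet
http_access deny all
EOF
}

posted_rules | audit_http_access
```

To check a live file, run: audit_http_access < /etc/squid/squid.conf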