Strange---- IPForwarding Stop Traffic on System------

Taking care of your Linux box.
wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad


Post by wasim081 »

AOA

Brother, I have RHEL 4 installed and configured as a Squid cache server and caching DNS server with two LAN cards.


eth0= 172.16.1.2/255.255.0.0 gw=172.16.1.1 (my Router)

eth1= 192.168.0.1/255.255.255.0

Primary DNS = 127.0.0.1 Secondary

Squid running on ports 8080 and 3128


When I turn IP forwarding on, all traffic on Squid goes to a dead end; even a Google page opens after 10 minutes, and the same thing happens on the server.

But DNS resolving is good.

---------------------------------Ip Tables------------------------------------

iptables -F
iptables -t nat -F

modprobe ip_nat_ftp

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT

#############################################

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

##################Proxy Port ######################

iptables -A INPUT -i eth1 -p tcp --dport 8080 -j ACCEPT #Proxy Server

########## BIND PORTS ##########
iptables -A INPUT -p tcp --dport 42 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

###########################################

iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT #YAHOO
iptables -A FORWARD -p tcp --dport 5001 -j ACCEPT #YAHOO CHAT
iptables -A FORWARD -p tcp --dport 5100 -j ACCEPT #YAHOO CAM
iptables -A FORWARD -p tcp --dport 11999:12000 -j ACCEPT #Yahoo game

iptables -A FORWARD -p tcp -m multiport --dports 1863,443 -j ACCEPT

iptables -A FORWARD -p tcp --dport 6660:6670 -j ACCEPT #MIRC
iptables -A FORWARD -p tcp --dport 7000 -j ACCEPT #MIRC


###########################################
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

--------------------------------------------------------------------------------

I am looking for your help.

Thanks and Jazak Allah
Last edited by wasim081 on Mon Jul 02, 2007 11:58 am, edited 2 times in total.
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

add these lines to your script as squid is listening at 3128 or 8080


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 -j REDIRECT --to-port 3128

and paste here the results
Regards

Rana Tanveer
+923224194457
Linux Student

For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad

You are wrong, it is used for a transparent proxy

Post by wasim081 »

Brother Tanveer,

You are wrong, it is used for a transparent proxy. I don't want a transparent proxy, so adding it is not meaningful.

Am I right??
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

Is your squid responding?

What happens when you run

tail -f /where/your/access.log

and do you have enough bandwidth for browsing??
Regards

ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

please add this line too in your script

echo 1 > /proc/sys/net/ipv4/ip_forward
Regards

ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

Let me clear up some things; maybe you have done most of them.

1. First of all, make sure that squid is running.
2. Are you running a caching-only name service or not? If not, please run this service; if you don't want to run it, then put your ISP's nameserver address in your clients' DNS configuration.

service named start
chkconfig named on

3. If you wish to use a transparent proxy then you actually need iptables, and if you don't want to use a transparent proxy then you only need IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Run this even at the command prompt.

May the above help you.
Regards

wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad

Post by wasim081 »

Brother, I have a 512kbs DSL connection and I have turned IP forwarding on:

vi /etc/sysctl.conf and SET net.ipv4.ipforward=1

But when I turn off IP forwarding, Squid works very, very, very fine.
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

But When i Turn off IPForwarding squid Working v v v Fine
On the server machine or on the client??
Regards

wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad

Post by wasim081 »

Brother Tanveer, all the services (Squid, BIND) are up and running, and the DNS server resolves names pretty fine, and I can ping yaoo.com, which means IP forwarding is working, but SQUID TRAFFIC IS HANGING.
abakali
Naik
Posts: 91
Joined: Wed Jun 01, 2005 5:38 pm

Post by abakali »

wasim081 wrote:
Brother, I have a 512kbs DSL connection and I have turned IP forwarding on:

vi /etc/sysctl.conf and SET net.ipv4.ipforward=1

But when I turn off IP forwarding, Squid works very, very, very fine.

AOA

Depending on your DSL provider, check the ISP proxy server by putting it in your browser.
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad

Post by wasim081 »

Dear fellows, PLEASE READ CAREFULLY

ONLY SQUID TRAFFIC HANGS WHEN I ENABLE IP FORWARDING

When I disable it and restart the services, it works so fine.
ather_36
Naik
Posts: 97
Joined: Thu Jul 31, 2003 11:38 am
Location: karachi
Contact:

Post by ather_36 »

Salam Wasim,
Set this IP 172.16.1.2 on your eth1 as gateway. Inshallah your problem will be resolved.
Also enable DNS forwarding in your /etc/named.conf. The forwarding IP is your ISP nameserver IP.

forwarders { ur ISP IP; };
forward only;

Add the above lines under the options section in your /etc/named.conf. The sample configuration is below.

options {
......................................
.................................
// query-source address * port 53;
forwarders { ur ISP IP; };
forward only;
};
Like this. And insert your local LAN IP in your /etc/resolv.conf and start the named service.
Thanks & Regards
Athar Hussain
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

Dear Wasim,

I don't have that knowledge regarding this.

You are saying that you have enabled IP forwarding. When you enable IP forwarding and do not redirect the web traffic to squid with the help of iptables, there is no use in creating a Squid proxy server, because even if you stop squid, the internet at the client side will be working.

Because when you enable IP forwarding, all the traffic is forwarded to the internet without going to squid.

You have to redirect the web traffic to squid:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-port 8080

If you don't do this and enable IP forwarding, there is no use in setting up squid as a proxy or a caching server.

Hope I am right...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
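
An added example, not part of any post in this thread: a small shell audit of the point made above, that with IP forwarding on, a FORWARD rule like the first post's `-i eth1 -o eth0 -j ACCEPT` routes LAN web traffic around Squid, and that the catch-all `-A INPUT -j ACCEPT` accepts everything despite the DROP policy. The function name, finding labels and sample excerpt are constructed for illustration; eth1 is assumed to be the LAN interface, as in the first post.

```shell
#!/bin/sh
# Added example; not from the thread. SAMPLE_RULES is a constructed excerpt
# of the first post's script with the rule order preserved.
SAMPLE_RULES='iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'

# audit_rules LAN_IF: reads "iptables ..." commands on stdin and prints one
# finding per line as "<input line number> <FINDING>".
# Limitation: port ranges and multiport lists are not expanded.
audit_rules() {
    awk -v lan="$1" '
    $1 != "iptables" { next }
    {
        table = "filter"; chain = ""; target = ""; inif = ""
        proto = ""; dport = ""; narrowed = 0
        for (i = 2; i < NF; i++) {
            if      ($i == "-t") table = $(i + 1)
            else if ($i == "-A") chain = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-m" || $i == "-s" || $i == "-d") narrowed = 1
        }
        if (table != "filter" || target != "ACCEPT") next
        # A match-everything ACCEPT on INPUT makes the DROP policy and every
        # later INPUT rule unreachable.
        if (chain == "INPUT" && inif == "" && proto == "" && !narrowed)
            print NR, "INPUT_ACCEPT_ALL"
        # LAN traffic routed out with no protocol limit, or explicitly on
        # tcp/80, reaches the web without passing through the proxy.
        if (chain == "FORWARD" && (inif == lan || inif == "") && !narrowed &&
            (proto == "" || (proto == "tcp" && dport == "80")))
            print NR, "FORWARD_BYPASSES_PROXY"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules eth1
```

On the sample excerpt this reports line 4 and line 6; a ruleset that only forwards specific non-web ports from eth1 produces no findings.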
wasim081
Lance Naik
Posts: 40
Joined: Thu Jun 28, 2007 11:07 am
Location: Faisalabad

Post by wasim081 »

Thanks Brother

In transparent mode NCSA authentication does not work, and redirection is not a problem in this sense, I think,

because it just redirects traffic.
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Dear Brother,

It's better if you can post your squid.conf settings; then the linuxpakistan people can better assist you.

Regards
Noman Khanzada