[squid-users] Transparent Proxy not working on FC3 with Squid2.5 Stable 11

From: ankush grover <[email protected]>
Date: Wed, 12 Jul 2006 12:51:25 +0530

hey friends,

I am trying to configure Squid Transparent Proxy on FC3 and the squid
version is Squid 2.5 Stable 11. I am testing the scenario on 2
machines. The 1st machine is the FC3 and it has got 2 lan cards

eth0: 192.168.1.125/24
eth1: 192.168.2.126/24

Another machine is having only one LAN Card running Windows XP

eth0: 192.168.2.88/24

I added these lines for transparent proxy in squid.conf
http_port 3128 (by default)
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I have also added these lines to squid.conf

acl mynetwork src 192.168.1.125
acl mynetwork1 src 192.168.2.0/24
http_access allow mynetwork
http_access allow mynetwork1

Configured iptables to redirect the request to the proxy from the
domain 192.168.2.0 to port 3128

iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport
80 -j REDIRECT --to-port 3128

 iptables -t nat -nvL ---> shows the nat entries in iptables

Chain PREROUTING (policy ACCEPT 1383 packets, 235K bytes)
 pkts bytes target prot opt in out source destination
    0 0 REDIRECT tcp -- eth1 * 192.168.2.0/24
0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 9798 packets, 335K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 9798 packets, 335K bytes)
 pkts bytes target prot opt in out source destination

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

sysctl -p

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1

I am not able to browse from the 192.168.2.0 domain. I have
a machine whose ip address is 192.168.2.88 and the gateway of this
machine is 192.168.2.126( eth1 on FC3).

I can ping 192.168.2.88 to 192.168.2.126 and from 192.168.2.126 to
192.168.2.88 but from 192.168.2.88 I am not able to browse the
internet.

If I configure proxy settings for any client in 192.168.1.0/24 domain
it works fine. I am not able to configure transparent proxy for the
test machine.

Any pointers what wrong I am doing ?

Thanks & Regards
Received on Wed Jul 12 2006 - 01:21:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT