similar to: Re: Solution provided --- Transparent proxy in DMZ ( squid )

I've managed to configure a LVS Cluster to act as a transparent proxy squid farm, with a virtual server as load balancer, and three real servers. Because redirecting packets going to port 80 to port 3128 of squid in the load balancer doesn't works, the solution has a mix of ip route and iptables. Here is the script I wrote to configure transparent proxy. #!/bin/bash #Transparent proxy

Hi, I want forward port 21 and 443 to my squid. A simply rule (dnat) didnt help me. My http - port (only 80) will forwarded to my squid. It runs fine. Here I have used the HowTo from Tom and the hints from http://lartc.org/. I want to do the same with port 21 as port 80. My network: Shorewall: eth0 net (192.168.108.1) eth1 dmz (192.168.109.1) eth2 loc (192.168.110.1) eth3 loc1

Hi, I followed the instructions posted on the shorewall web page for transparent proxy, but I still cannot get it to work. I have almost the same setup as described on the web, running squid on dmz, eth1, and the loc on eth2. I can see that packets going out from the fw, they are not sent to the squid proxy, and if I try to telnet to the squid proxy to port 80, where I should be directed to

Hi, I''m attempting to set up Squid in my DMZ (3 interface shorewall). Step 5 has got me. How do you execute the iptables command after networking is up? TIA John

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

Dear All, Linux Kernel 2.4.20-8 Running Shorewall 2.2.0 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff inet 62.68.254.178/28 brd

and Here is my rule that did this DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,... What I was trying to achieve: Since I am only using 3/16, I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net. What is wrong with my rule? Will REDIRECT work ??? Harry Regards.

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

hey friends, I am trying to configure Squid Transparent Proxy on Centos4.0. The eth0 is connected to the Internet and eth1 is for the LAN connection I am testing this scenario with 2 machines one machine (Centos4.0 ) on which squid is running and other machine which is debian is on the network 192.168.2.0. Centos4.0 eth0: 192.168.1.125/24 eth1: 192.168.2.126/24 Debian: eth0:

I have 2 internet connections and i;m trying to use squid as transparent proxy but every time squid is using first internet line but i want to use second internet line . i have this settings and without squid it''s working i have default route on the first internet connection. iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to

Hi all, This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work! I have a bridge setup on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch: [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router] I have squid setup on the linux box and it works, I have

Hi All, I'm setting up a Samba AD domain which works perfectly with the WIn 7 server tools and so far everything is going fine. What has me stumped is setting up an LDAP proxy in our DMZ against which I can authenticate our email and web services. I've got port 389 open on my main Samba 4 DC and if I use the domain administrator account to bind the proxy, everything works. In order

Hello ! I have installed and configured squid(last version) transparent proxy and i am using shorewall(last version) as a firewall. I have redirected all of my local network''s http requests to the squid port(3128). But, from my local net i cannot ping a remote machine on the internet using his hostname like google.com. I could do it only when i use a ip address. All of computers in the

Greetings, I installed a squid 3.1.10.i686 squid to a centos 6.2i686. The proxy is working fine with the default config. After I decided to use it as a transparent proxy, I added two lines to config: http_proxy 10.0.5.1:3128 transparent, always_direct allow all http_port 10.0.5.1:3128 transparent # # Recommended minimum configuration: # acl manager proto cache_object #acl localhost src

Hi, I''ve got 2 lines from two diffrent ISP''s, one is a leased line and another a DSL line, I route certain ips over the DSL line for faster access and would like email to go over the leased line as it has a static ip and is our sending mailserver ip I would like to send mail to the same ips that is routed over DSL via the leased line, otherwise my server gets blacklisted with

Hi, Is it possible to transparent proxy FTP through Squid? If so what rules would i need to add to the rules file so that any ftp request is forwarding through Squid? I have www traffic being Tranparantly proxied. Herwith my www rules: REDIRECT loc 3128 tcp 80 ACCEPT loc fw::3128 tcp www - all ACCEPT fw

Opps! After reading the email below I noticed something in ''ifconfig''. The wireless interface is ''wlan0'' not ''wan0''. I modified the wireless interface in /etc/shorewall/interface to wlan0 started shorewall I can connect eo the INTERNET with shorewall running Horace From: Horace Franklin Jr

hi all, i have this situation: isp1 | dmz ----- FW linux ----- isp2 |----------------------------------- vpn concentrator ----- various ipsec lan-2-lan | LAN In lan i have "pc zone" and "server zone", same network. Dmz and server zone browse internet through isp1, lan use isp2, and remote