Hi,
I would like to use squid in transparent-proxy mode. I followed:
https://wiki.archlinux.org/index.php/Sq … _web_proxy
but it does not seem to work...
I have:
- configured and started squid
- added iptables rule (http://digilander.libero.it/sacarde/np/iptables.rules)
- but when I use a browser or ftp in the CLI, I don't see anything in /var/log/squid/access.log
Can you help me? Am I wrong?
sacarde
If you set the proxy manually in your browser, does that work? If that works, then it's a problem with your redirecting, if it doesn't, then there's something wrong with squid. Knowing that will help narrow down where to look obviously.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Setting the proxy manually in the browser, or setting the "http_proxy" and "ftp_proxy" variables:
it works.
Is the squid wiki page up to date?
Well if that works, then it must be the redirection that's not working.
I don't know if the squid wiki page is up to date, but squid doesn't change very often, and iptables changes even less so it shouldn't be too bad.
What is the output of `iptables -t nat -nvL`?
This:
```
Chain PREROUTING (policy ACCEPT 1 packets, 52 bytes)
 pkts bytes target   prot opt in  out source     destination
    0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 redir ports 3129
    0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:8080 redir ports 3129
    0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:21 redir ports 3129
Chain INPUT (policy ACCEPT 1 packets, 52 bytes)
 pkts bytes target   prot opt in  out source     destination
Chain OUTPUT (policy ACCEPT 973 packets, 59991 bytes)
 pkts bytes target   prot opt in  out source     destination
Chain POSTROUTING (policy ACCEPT 973 packets, 59991 bytes)
 pkts bytes target   prot opt in  out source     destination
```
But, for example, I have a doubt: in squid.conf, do I have to set:
http_port 3129 intercept
or
http_port 3129 transparent
and then... only this?
(Please use [ code ] tags to post things like this, makes them easier to read)
> ```
> Chain PREROUTING (policy ACCEPT 1 packets, 52 bytes)
>  pkts bytes target   prot opt in  out source     destination
>     0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 redir ports 3129
>     0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:8080 redir ports 3129
>     0     0 REDIRECT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:21 redir ports 3129
> ```
None of these rules are being hit (the first column is 0) so that's why it is not working. The machine running squid is the one that the client computer(s) use as their gateway/router?
I followed this guide:
http://wiki.squid-cache.org/ConfigExamp … xLocalhost
and now it works!!
I see these rules:
```
iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target   prot opt in   out source     destination
    0     0 REDIRECT tcp  --  eth0 *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 redir ports 3127
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target   prot opt in   out source     destination
Chain OUTPUT (policy ACCEPT 147 packets, 9354 bytes)
 pkts bytes target   prot opt in   out source     destination
    5   280 ACCEPT   tcp  --  *    *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 owner GID match 15
    5   280 DNAT     tcp  --  *    *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 to:192.168.1.20:3127
Chain POSTROUTING (policy ACCEPT 157 packets, 9914 bytes)
 pkts bytes target   prot opt in   out source     destination
```
But it works only for www traffic (80).
If I would like to add ftp, what rules do I have to add?
Last edited by sacarde (2013-01-20 08:09:23)
> ```
> iptables -t nat -nvL
> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target   prot opt in   out source     destination
>     0     0 REDIRECT tcp  --  eth0 *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 redir ports 3127
> ....
> Chain OUTPUT (policy ACCEPT 147 packets, 9354 bytes)
>  pkts bytes target   prot opt in   out source     destination
>     5   280 ACCEPT   tcp  --  *    *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 owner GID match 15
>     5   280 DNAT     tcp  --  *    *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80 to:192.168.1.20:3127
> ```
OUTPUT is only for the local machine; you didn't mention that you were trying to transparent local web browsing.
> But it works only for www traffic (80).
> If I would like to add ftp, what rules do I have to add?
You can't transparently proxy FTP. The FTP protocol does not have an equivalent to the HTTP "Host" header which is what is required to be able to transparently proxy.
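The two checks made in the replies above (a first column of 0 means a rule was never hit, and OUTPUT only covers the local machine) can be run against any `iptables -t nat -nvL` listing. The Python sketch below is an added example, not part of the original thread; the sample listings are abridged copies of the output posted here, and the function names and the one-line chain descriptions are illustrative simplifications.

```python
import re

# Constructed sample: abridged copies of the two listings posted in the thread.
BEFORE = """\
Chain PREROUTING (policy ACCEPT 1 packets, 52 bytes)
 pkts bytes target prot opt in out source destination
    0     0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3129
    0     0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 redir ports 3129
Chain OUTPUT (policy ACCEPT 973 packets, 59991 bytes)
 pkts bytes target prot opt in out source destination
"""
AFTER = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3127
Chain OUTPUT (policy ACCEPT 147 packets, 9354 bytes)
 pkts bytes target prot opt in out source destination
    5   280 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 owner GID match 15
    5   280 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.1.20:3127
"""

# Which packets traverse each nat chain (simplified description).
SCOPE = {"PREROUTING": "arriving from other hosts", "OUTPUT": "generated on this machine"}
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # suffixes iptables prints without -x

def counter(tok):
    """Convert a pkts column such as '0', '5' or '12K' to an integer."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse(listing):
    """Return (chain, pkts, target, dport) for each REDIRECT/DNAT rule."""
    rules, chain = [], None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain = f[1]
        elif len(f) > 2 and re.fullmatch(r"\d+[KMG]?", f[0]) and f[2] in ("REDIRECT", "DNAT"):
            m = re.search(r"dpt:(\d+)", line)
            rules.append((chain, counter(f[0]), f[2], int(m.group(1)) if m else None))
    return rules

def diagnose(listing):
    """Per chain: total packets redirected, and the traffic that chain can see."""
    hits = {}
    for chain, pkts, _target, _dport in parse(listing):
        hits[chain] = hits.get(chain, 0) + pkts
    return {c: (n, SCOPE.get(c, "unknown")) for c, n in hits.items()}

if __name__ == "__main__":
    for name, text in (("first listing", BEFORE), ("working listing", AFTER)):
        print(name, diagnose(text))
```

A total of 0 for a chain means no connection of the kind that chain sees has matched its redirect rules, which is the situation in the first listing.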
Then I can transparently proxy only http (port 80) traffic?
Or by using another proxy?
fukawi2, thanks a lot
Last edited by sacarde (2013-01-21 08:06:17)
If I understand...
- squid proxy ---> manages the http/https/ftp protocols
- squid transparent proxy ---> manages only http
Is that true?
Correct; technically you can transparently proxy HTTPS as well, but it causes problems since the browser is not expecting a proxy, but the S(ecure) part of HTTPS does what it is designed to do and detects that the connection is being interfered with.
thank you
I will try: tinyproxy, tsock...(dante)...
Last edited by sacarde (2013-01-22 09:11:40)