Hi Friends,
I am a newbie to Linux. I am trying to configure a transparent proxy using Red Hat Linux 9.0. I have tried a port forwarding rule but it doesn't work. But when I manually key in the IP and port number in Internet Explorer, it works fine.
Please help me.
Rajendra.
Morning Rajendra,
Which proxy are you using?
You can achieve the same with ipchains or iptables also:
ipchains rules:
/sbin/ipchains -A forward -s ur_network/subnetmask -j MASQ
Note: Make sure that IP forwarding is enabled. If not, run this command (same for iptables also):
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables rules.
/sbin/iptables -A FORWARD -s ur_network/subnetmask -p tcp -j ACCEPT
This rule will allow traffic to be forwarded, as long as the protocol was tcp, and the source was a machine on your subnet.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This rule, coupled with the one above will allow for MASQUERADE(ing) your internal network traffic, via NAT (Network Address Translation), so that you can share your internet connection with the rest of your network.
If you are using Squid:
* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on
Make sure that these are enabled, together with a working Squid configuration. That will make a transparent proxy.
Regards, Animesh.
--- Rajendra Rait raj_rait@postmark.net wrote:
Hi Friends,
I am a newbie to Linux. I am trying to configure a transparent proxy using Red Hat Linux 9.0. I have tried a port forwarding rule but it doesn't work. But when I manually key in the IP and port number in Internet Explorer, it works fine.
Please help me.
Rajendra.
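A check for the settings listed in the reply above, as an added example that is not part of the original thread: it reports which of the four httpd_accel directives are missing, commented out or set differently in a squid.conf, and whether IP forwarding is on. The function names and the sample squid.conf are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the settings named in the thread.
# Function names are hypothetical; the sample config is constructed.

# Directives and values exactly as given in the reply.
REQUIRED='httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on'

# Print each required directive that is absent, commented out, or set to
# a different value in the squid.conf file "$1".
missing_squid_directives() {
    local conf=$1 key want got
    while read -r key want; do
        # Value of the last uncommented line whose first field is the key.
        got=$(awk -v k="$key" '$1 == k { v = $2 } END { print v }' "$conf")
        [ "$got" = "$want" ] || echo "$key $want"
    done <<EOF
$REQUIRED
EOF
}

# Succeed when the file "$1" (default: the /proc path from the thread)
# contains 1, i.e. the kernel forwards IPv4 packets.
forwarding_enabled() {
    local f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Constructed sample: one directive commented out, one with the wrong value.
sample_conf() {
    cat <<'EOF'
http_port 3128
httpd_accel_host virtual
# httpd_accel_port 80
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
echo "Directives to fix in the sample config:"
missing_squid_directives "$tmp"
rm -f "$tmp"
```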
On Tue, Jun 15, 2004 at 09:52:07PM -0700, Animesh Singh wrote:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Instead of MASQUERADE, use SNAT. IAC, MASQUERADE is meant for non-static IPs like dialup, DHCP etc.
/sbin/iptables -A POSTROUTING -t nat -s INT-IP -o eth0 -j SNAT --to-source EXT-IP
Regards
--- "Dileep M. Kumar" dileep@gmx.net wrote:
On Tue, Jun 15, 2004 at 09:52:07PM -0700, Animesh Singh wrote:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Instead of MASQUERADE, use SNAT. IAC, MASQUERADE is meant for non-static IPs like dialup, DHCP etc.
<snip>
MASQUERADE is intended for use with dynamic addresses. The other thing that it does differently is that if the link goes down, entries in the nat table will be dropped with MASQUERADE. If you're using SNAT, the entries stay in the table in case the link comes back up momentarily. This makes sense for MASQUERADE, because when the link comes back up, the address will (could) be different anyway, so the connections won't ever be resumed.
SNAT uses more overhead, since it seeks the external IP every time a chain is traversed.
Regards, Animesh.