Transparent Squid / Iptables truble

StarF · Guru Joined: 12 Sep 2004 Posts: 368

Hi

I am trying to set up a transparent proxy. The squid part is working fine, how ever i seem to have some truble with my iptables rules, this is what i have done.

eth0 - management
eth1 - eth3 is made into a bridge br0

i then add these rules to take the trafic from the br0 and throw it through the squid:

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

First of all, do you just need a transparent proxy or do you really need the whole bridging scenario too? In any case you have to fix your Squid configuration since the lines from above will not work with recent releases of Squid.
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

i kinda need both. my bridge is working just have a isue with how i am supposed to redict traffic through the squid.

as i said, the squid is wokring fine if i use it directly, i am having truble figuring out what to do to make it transparent, or if it already is.

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

Which version of Squid is installed on your system?
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

its version 2.7

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

Squid listens on port 8090?
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

yes, and if i set it manualy in a browser it works fine.

it looks like either the data isent transfered into the squid, or squid is not allowing for transparent mode.

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

[EDITED]
What about squid's log files - any hints you can see there? Where is your client located respectively connecting from?
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

nothing in it, when using the bridge. so from that point it looks like it isent getting any trafik in. I guess it should still show something, even if it wasent alowed?

the client is connection from the same network as the squid.

one more thing, it just strikes me.

I got havp running infront of squid to scan files from virus. This is working fine, when i am browsing the net through the proxy. But after i setup the bridge i am just getting a error, also from the mashine i cant ping outside, unless i restart (and remove the bridge).. its like it cant find its way out.

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

I'm not sure right now but try and add each and every interface with the command you used for br0:

StarF · Guru Joined: 12 Sep 2004 Posts: 368

when adding those iptables rules along with the ebtables rule, i can now browse through the br0. But it dosent go through the squid still.. Nothing in the log. also on the linux console i cant ping outside. ie. ping google.com or something like that.

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

You can browse the web (browser connects through br0) but there is nothing in Squid's log files? If you turn of Squid are you still able to browse the web?

For ping you'd have to allow it explicitly (additional iptable rules).
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

yes i can still browse even though the squid is turned off.

massimo · Veteran Joined: 22 Jun 2003 Posts: 1226

Did you configure a proxy in your browser?
_________________
Hello 911? How are you?

StarF · Guru Joined: 12 Sep 2004 Posts: 368

no, its just connected through the bridge...