Alex Gutiérrez Martínez
2018-09-24 14:36:46 UTC
Hi community, im tyin to configure a squid transparent proxy, i obtain
internet thanks to a parent proxy. I have 3 Ip declare on my iptables
config file 172.16.1.245 is the administration ip, 172.16.1.246 is my
parent proxy ip and 192.168.137.0/24 is the lan segment where my client
are. This is my config:
#squid.conf
acl http port 80
http_access allow http
acl https port 443
http_access allow https
never_direct allow all
cache_peer 172.16.1.246 parent 804
http_port 3128 transparent
cache_mem 64 MB
cache_dir aufs /var/cache/squid 1024 16 256
acl mired src 192.168.137.0/24
acl localhost src 127.0.0.1/32
http_access allow mired
http_access allow localhost
http_access deny all
acl deny_ipaccess url_regex [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
http_access deny deny_ipaccess
#iptables config
##!/bin/sh
echo n Aplicando Reglas de Firewall...
## FLUSH de reglas
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Establecemos politica por defecto
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
## Empezamos a filtrar
# El localhost se deja (por ejemplo conexiones locales a mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 172.16.1.245 -j ACCEPT
iptables -A INPUT -s 172.16.1.246 -j ACCEPT
iptables -A INPUT -s 192.168.137.0/24 -j ACCEPT
#nat
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 80 -j
REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 443 -j
REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -d 172.16.1.14 -o
enp0s3 -j MASQUERADE
#iptables save
iptables-save > /etc/iptables/rules.v4
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
# Fin del scrip
Can someone be so nice to explain to me wy this is not working.
Thanks in advance. Remember, always attack ideas, never people.
internet thanks to a parent proxy. I have 3 Ip declare on my iptables
config file 172.16.1.245 is the administration ip, 172.16.1.246 is my
parent proxy ip and 192.168.137.0/24 is the lan segment where my client
are. This is my config:
#squid.conf
acl http port 80
http_access allow http
acl https port 443
http_access allow https
never_direct allow all
cache_peer 172.16.1.246 parent 804
http_port 3128 transparent
cache_mem 64 MB
cache_dir aufs /var/cache/squid 1024 16 256
acl mired src 192.168.137.0/24
acl localhost src 127.0.0.1/32
http_access allow mired
http_access allow localhost
http_access deny all
acl deny_ipaccess url_regex [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
http_access deny deny_ipaccess
#iptables config
##!/bin/sh
echo n Aplicando Reglas de Firewall...
## FLUSH de reglas
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Establecemos politica por defecto
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
## Empezamos a filtrar
# El localhost se deja (por ejemplo conexiones locales a mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 172.16.1.245 -j ACCEPT
iptables -A INPUT -s 172.16.1.246 -j ACCEPT
iptables -A INPUT -s 192.168.137.0/24 -j ACCEPT
#nat
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 80 -j
REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.137.0/24 --dport 443 -j
REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -d 172.16.1.14 -o
enp0s3 -j MASQUERADE
#iptables save
iptables-save > /etc/iptables/rules.v4
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
# Fin del scrip
Can someone be so nice to explain to me wy this is not working.
Thanks in advance. Remember, always attack ideas, never people.
--
Saludos Cordiales
Lic. Alex Gutiérrez Martínez
Tel. +53 7 2710327
Saludos Cordiales
Lic. Alex Gutiérrez Martínez
Tel. +53 7 2710327