IPNAT / Transparent proxy loops...
Post 30309 by indo1144 on Sunday 20th of October 2002 11:43:02 AM (Special Forums > Cybersecurity)

Hi!

My situation:

I have an OpenBSD firewall/proxy (192.168.0.1), running IPF/IPNAT with Squid as a transparent proxy. This machine is configured to be the gateway for the network.

This works great; all the clients' WWW requests on the internal network are rerouted to the proxy port by this IPNAT rule:

rdr fxp0 0.0.0.0/0 port 80 -> 192.168.0.1 port 3128

However, I would like to use another machine as a transparent proxy and have run into some problems... The new machine runs Solaris 8 i386 (192.168.0.2) and I have successfully compiled and configured Squid. I use the same config I used with the "firewall-squid-version".
After changing the IPNAT-rule to:

rdr fxp0 0.0.0.0/0 port 80 -> 192.168.0.2 port 3128

It won't work... I can see a message "Website found, waiting for reply", but I figure this is only because the DNS lookup of the website was successful. DNS lookups are punched through the firewall and happen independently of the Squid proxy.

What I figure happened is this:

- A client wants to connect to the internet.
- Request travels to 192.168.0.1 port 80
- Request is redirected to squid on 192.168.0.2 port 3128
- Squid on 192.168.0.2 wants to connect to the internet.
- Squid on 192.168.0.2 connects to 192.168.0.1 port 80
- Squid-request is redirected to squid on 192.168.0.2 port 3128 instead of to internet (because of IPNAT-rule stated above)
- And it continues to loop...

How can I change my IPNAT-rules so that all clients are redirected to 192.168.0.2 port 3128 _AND_ 192.168.0.2 itself is allowed direct access to the internet?
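The loop described in the post, worked through as an added example that is not part of the original post or of IPFilter. It models what the ipnat(8) text on this page states, that rules are kept in file order, plus the assumption that the first matching rdr rule is the one applied to a packet entering fxp0. The poster's rule loops because the proxy host's own outbound connections to port 80 also enter fxp0 and match the same rule, whereas Squid on the gateway itself never re-enters that interface. The fix the model demonstrates is a more specific rule, listed first, that matches traffic from 192.168.0.2 and leaves it untranslated; `no_rdr` here is a modelling construct, not ipnat syntax, and the exact spelling of a source-selected, untranslated rdr rule (a `from ... to` selector or a no-translate form) has to be checked against ipnat(5) for the installed IPF release, since the 2002-era version may not offer it. The client and web-server addresses are constructed for the example. `self_redirecting` is the static check a practitioner would run over a ruleset: it flags any rdr target whose own port-80 traffic on the same interface would be redirected back to itself.

```python
# Added example, not from the original post: a first-match model of rdr
# evaluation on the gateway's inside interface.
# Assumptions: first matching rule wins (ipnat(8) keeps rules in file
# order); Rdr.target == None means "matched, leave untranslated", which
# is a modelling construct and must be mapped to the real ipnat(5) syntax
# of the installed IPF release. 192.168.0.50 and 198.51.100.10 are made up.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rdr:
    iface: str
    src: ipaddress.IPv4Network          # source selector, ANY when absent
    dst: ipaddress.IPv4Network          # destination selector
    dport: int
    target: Optional[Tuple[str, int]]   # None = match but do not translate


def rdr(iface, dst, dport, to_addr, to_port, src=ANY):
    """The 'rdr fxp0 0.0.0.0/0 port 80 -> host port 3128' shape from the post."""
    return Rdr(iface, src, ipaddress.ip_network(dst), dport, (to_addr, to_port))


def no_rdr(iface, src, dst, dport):
    """Modelled exclusion: traffic from `src` to `dst`:`dport` is matched
    first and left untranslated (real spelling depends on ipnat(5))."""
    return Rdr(iface, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport, None)


def apply_rdr(rules: List[Rdr], iface, src, dst, dport):
    """Return (new_dst, new_port) for a packet entering `iface`; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.iface == iface and s in r.src and d in r.dst and dport == r.dport:
            return r.target if r.target else (dst, dport)
    return (dst, dport)


def trace(rules, client, web, proxy, gateway=None, iface="fxp0",
          proxy_port=3128, max_hops=8):
    """Follow one client request. Each time a packet is redirected to the
    proxy, the proxy opens its own connection to the original server. If the
    proxy is a separate host that connection enters `iface` again; if the
    proxy runs on the gateway itself it leaves on the outside interface and
    never re-enters. Returns (hops, looped)."""
    hops = []
    src, dst, port = client, web, 80
    for _ in range(max_hops):
        new_dst, new_port = apply_rdr(rules, iface, src, dst, port)
        hops.append((src, dst, port, new_dst, new_port))
        if (new_dst, new_port) != (proxy, proxy_port):
            return hops, False          # reached the real server untranslated
        if proxy == gateway:
            return hops, False          # Squid on the gateway: no re-entry
        src, dst, port = proxy, web, 80  # proxy fetches on the client's behalf
    return hops, True


def self_redirecting(rules, iface="fxp0", probe="198.51.100.10"):
    """Static check: rdr rules whose target host's own outbound traffic on
    `iface` would be redirected back to that same target (the loop condition)."""
    bad = []
    for r in rules:
        if r.target is None:
            continue
        addr, port = r.target
        outside = probe if ipaddress.ip_address(probe) in r.dst else str(r.dst.network_address)
        if apply_rdr(rules, iface, addr, outside, r.dport) == (addr, port):
            bad.append(r)
    return bad


GW, PROXY, CLIENT, WEB = "192.168.0.1", "192.168.0.2", "192.168.0.50", "198.51.100.10"

# The post's original, working setup: Squid on the gateway itself.
ON_GATEWAY = [rdr("fxp0", "0.0.0.0/0", 80, GW, 3128)]
# The post's second rule, which loops: Squid on a separate host behind fxp0.
LOOPING = [rdr("fxp0", "0.0.0.0/0", 80, PROXY, 3128)]
# Same rule preceded by an exclusion for the proxy host's own traffic.
FIXED = [no_rdr("fxp0", PROXY + "/32", "0.0.0.0/0", 80),
         rdr("fxp0", "0.0.0.0/0", 80, PROXY, 3128)]

if __name__ == "__main__":
    for name, rules, proxy in (("on_gateway", ON_GATEWAY, GW),
                               ("looping", LOOPING, PROXY),
                               ("fixed", FIXED, PROXY)):
        hops, looped = trace(rules, CLIENT, WEB, proxy, gateway=GW)
        print(f"{name}: {'LOOP' if looped else 'ok'} after {len(hops)} hop(s)")
        for h in hops:
            print("   ", h)
    print("self-redirecting rules in LOOPING:", self_redirecting(LOOPING))
```

Whatever form the exclusion takes in the real ruleset, the ipf filter rules on 192.168.0.1 should then only pass 192.168.0.2 out to port 80 (and whatever else Squid needs), not the whole inside subnet; otherwise any client that sets its own proxy or uses a non-80 port bypasses the transparent proxy entirely.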
 

IPNAT(8)                    System Manager's Manual                    IPNAT(8)

NAME
     ipnat - user interface to the NAT subsystem

SYNOPSIS
     ipnat [ -dhlnrsvCF ] [ -M core ] [ -N system ] -f <filename>

DESCRIPTION
     ipnat opens the filename given (treating "-" as stdin) and parses the file for a set of rules which are to be added or removed from the IP NAT. Each rule processed by ipnat is added to the kernel's internal lists if there are no parsing problems. Rules are added to the end of the internal lists, matching the order in which they appear when given to ipnat.

     Note that ipf(8) must be enabled (with ipf -E) before NAT is configured, as the same kernel facilities are used for NAT functionality. In addition, packet forwarding must be enabled. These details may be handled automatically when ipnat is run by rc at normal system startup. See options(4), sysctl(8), and rc.conf(5) for more information.

OPTIONS
     -C   Delete all entries in the current NAT rule listing (NAT rules).
     -d   Enable printing of some extra debugging information.
     -F   Delete all active entries in the current NAT translation table (currently active NAT mappings).
     -h   Print number of hits for each MAP/Redirect filter.
     -l   Show the list of current NAT table entry mappings.
     -n   This flag (no-change) prevents ipf from actually making any ioctl calls or doing anything which would alter the currently running kernel.
     -r   Remove matching NAT rules rather than add them to the internal lists.
     -s   Retrieve and display NAT statistics.
     -v   Turn verbose mode on. Displays information relating to rule processing and active rules/table entries.

FILES
     /dev/ipnat
     /usr/share/examples/ipf   Directory with examples.

DIAGNOSTICS
     ioctl(SIOCGNATS): Input/output error
          Ensure that the necessary kernel functionality is present and ipf enabled with ipf -E.

SEE ALSO
     ipnat(5), rc.conf(5), ipf(8), ipfstat(8)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.