Visit Our UNIX and Linux User Community


IPNAT / Transparent proxy loops...


 
Thread Tools Search this Thread
Special Forums Cybersecurity IPNAT / Transparent proxy loops...
# 1  
Old 10-20-2002
IPNAT / Transparent proxy loops...

Hi!

My situation:

I have an OpenBSD firewall/proxy (192.168.0.1), running IPF/IPNAT w/ Squid as transparent proxy. This machine is configured to be gateway to the network.

This works great, all the clients WWW-requests on the internal network are rerouted to the proxyport by this IPNAT-rule:

rdr fxp0 0.0.0.0/0 port 80 -> 192.168.0.1 port 3128

However, I would like to use another machine as a transparent proxy and have run into some problems... The new machine runs Solaris 8 i386 (192.168.0.2) and I have succesfully compiled and configured Squid. I use the same config I used with the "firewall-squid-version".
After changing the IPNAT-rule to:

rdr fxp0 0.0.0.0/0 port 80 -> 192.168.0.2 port 3128

It won't work... I can see a message: Website found, waiting for reply, but figure this is only because DNS-lookup of the website was succesfull. DNS-lookups are punched through the firewall and happen independently from the squid-proxy.

What I figure happened is this:

- A client wants to connect to the internet.
- Request travels to 192.168.0.1 port 80
- Request is redirected to squid on 192.168.0.2 port 3128
- Squid on 192.168.0.2 wants to connect to the internet.
- Squid on 192.168.0.2 connects to 192.168.0.1 port 80
- Squid-request is redirected to squid on 192.168.0.2 port 3128 instead of to internet (because of IPNAT-rule stated above)
- And it continues to loop...

How can I change my IPNAT-rules so that all clients are redirected to 192.168.0.2 port 3128 _AND_ 192.168.0.2 itself is allowed direct access to the internet?

Previous Thread | Next Thread
Test Your Knowledge in Computers #112
Difficulty: Easy
macOS was not the largest Unix largest installed base in 2017.
True or False?

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Issue setup Transparent proxy and Gateway using Squid on CentOS 7

Hello, We are migrating our gateways from CentOS 6 to CentOS 7 and for setting up a transparent proxy using squid and Firewalld i am using below configuration. #Firewalld configurations firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=3128:toaddr=LAN_IP... (4 Replies)
Discussion started by: sunnysthakur
4 Replies

2. IP Networking

Connecting via proxy chain to Upstream proxy

I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect... (0 Replies)
Discussion started by: Russel
0 Replies

3. IP Networking

Transparent Proxy with URL Rewriting

All traffic on the LAN is routed through a single machine and filtered using iptables. I'd like to redirect this traffic to a transparent proxy running on the same machine that will rewrite the URL if it matches a specified regex, in which case the user will be redirected to a local server. In... (0 Replies)
Discussion started by: crottyan
0 Replies

4. UNIX for Advanced & Expert Users

ipf/ipnat NAT/port forward issues

I've been going crazy trying to get this working. Here's the situation: we have a Solaris 10 box that connects an internal network to an external network. We're using ipf/ipnat on it. We've added a couple of new boxes to the internal network (192.168.1.100, .101) and want to be able to get to port... (1 Reply)
Discussion started by: spakov
1 Replies

5. Linux

Freebsd IPNAT

I need to figure out how to exclude RDP from mapping, i am mapping as follows map le0 10.1.0.0/24 -> 10.1.0.10/32 however i need to exclude rdp so i can still rdp to machines on the 10.1.0.0/24 network.. Can somebody please advise how i could do this ? (0 Replies)
Discussion started by: boxalld
0 Replies

6. Shell Programming and Scripting

Need help with a shell script:Config Transparent Proxy using Shell

I want to config Transparent Proxy using Shell Script. I have more questions<exercise of me :D>: + Check that the squid is installed or not install and version is installed +Allows users to choose to run a transparent proxy or not +Perform configuration and turn on service in accordance... (0 Replies)
Discussion started by: kaka287
0 Replies

7. IP Networking

Software/tool to route an IP packet to proxy server and capture the Proxy reply as an

Hi, I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies

8. IP Networking

SQUID Transparent Proxy Server

hi guys! We are setting up Squid Server. we want the server to be transparent. But I don't know how will i be able to set the network up. is it possible to set the squid server in the same LAN with the Squid Client and still functions as a transparent server? if so, can anybody help me do it? ... (1 Reply)
Discussion started by: init6_
1 Replies

9. IP Networking

Destination NAT using ipnat in Solaris 8

Hello People, Please can someone help me with destination IP address NAT and Port transalation using ipnat in Solaris 8. Scenario: Box A(192.168.100.1/24) and Box B (192.168.100.50/24) are connected phyically and logically(vlan) on the same network switch. Box A hosts an... (0 Replies)
Discussion started by: mandarawachat
0 Replies

Featured Tech Videos