Thanks for reply Mihira.I tried script and remove manual web browser configure for proxy but not worked.
Invalid URL Error page is squid error page that i see on the web browser. I think,it means web request is being redirected to dansguardian by iptables and dansguardian is forwarding request to squid but squid dont resolve the URL-path. Am i wrong ? What do you think ? On 15/11/2007, Mihira Fernando <[EMAIL PROTECTED]> wrote: > > Semih Gokalp wrote: > > Thanks for reply but i tried before: > > > > http_port 127.0.0.1:3128 <http://127.0.0.1:3128/> transparent > > http_port 192.168.0.1:3128 <http://192.168.0.1:3128/> transparent > > > > but not worked. > > > > I tried different ip tables rules like below: > > iptables -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -j DNAT --to > > 192.168.0.1:8080 <http://192.168.0.1:8080> > > > > but no worked. > > > > When i configure web browser manually(http proxy 192.168.0.1 > > <http://192.168.0.1> and port 8080), and remove iptables rule (iptables > > -t nat -A PREROUTING -p tcp -i $INTIF -s 192.168.0.0/24 > > <http://192.168.0.0/24> --dport 80 -j REDIRECT --to-port 8080 ) , it > works. > > > > But why do not squid works with redirect iptables rule.I dont > understand. > > > > I suppose,problem is url because web browser error page is like this: > > > > ERROR > > The requested URL could not be retrived > > While trying to retrive the URL: /2007/11/14/guncel/?ver=0 > > > > but real website adress is www.milliyet.com.tr/2007/11/14/guncel/?ver=0 > > <http://www.milliyet.com.tr/2007/11/14/guncel/?ver=0> > > > > what do you think about this ? > > > > Thanks. > I think your Squid and Dansguardian setups are fine. > Your problem is with Iptables. I assumed you had all the Iptables commands > already in place for a NAT+transparent proxy setup but I guess you didnt > have it. > Leave Squid and Dansguardian as it it and try the following bash script > for > Iptables. > > --------------------------- > IPTABLES=/sbin/iptables > DEPMOD=/sbin/depmod > MODPROBE=/sbin/modprobe > > EXTIF="eth0" > INTIF="eth1" > > echo " External interface : $EXTIF" > echo " Internal interace : $INTIF" > > echo " loading modules" > $DEPMOD -a > > echo > "----------------------------------------------------------------------" > > #Load the main body of the IPTABLES module - "iptable" > echo -en "ip_tables, " > $MODPROBE ip_tables > > > #Load the stateful connection tracking framework - "ip_conntrack" > echo -en "ip_conntrack, " > $MODPROBE ip_conntrack > > > #Load the general IPTABLES NAT code - "iptable_nat" > echo -en "iptable_nat, " > $MODPROBE iptable_nat > > > #Loads the FTP NAT functionality into the core IPTABLES code > echo -en "ip_nat_ftp, " > $MODPROBE ip_nat_ftp > > echo -e " Done loading modules.\n" > > > echo " Enabling forwarding.." > echo "1" > /proc/sys/net/ipv4/ip_forward > > echo " Clearing any existing rules and setting default policy.." > $IPTABLES -P INPUT ACCEPT > $IPTABLES -F INPUT > $IPTABLES -P OUTPUT ACCEPT > $IPTABLES -F OUTPUT > $IPTABLES -P FORWARD DROP > $IPTABLES -F FORWARD > $IPTABLES -t nat -F > > > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT > > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT > $IPTABLES -A FORWARD -j LOG > > echo " Enabling SNAT (MASQUERADE) functionality on $INTIF" > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE > > echo " Rerouting http hits to proxy server " > $IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT > --to-port 8080 > > --------------------------- > -- Iyi calismalar.Basarilar... Semih Gokalp Istanbul/Turkiye
