iptables transparent redirect to proxy on localhost
Alexandros Kosiaris
alex at noc.ntua.gr
Sun Oct 7 12:38:45 EEST 2007
Thanasis wrote:
> on 10/06/2007 06:04 PM Giannis Kozyrakis wrote the following:
>>
>> Try the following and report the results:
>>
>> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
>>
>> [ unless you have already tried it and I did not notice ]
>>
>> If it does not work, say exactly what behaviour you see.
>>
>> Another thing: you have configured squid as a transparent proxy, right?
>>
>> You need to put the following in the conf:
>>
>> http_port 8080 transparent
>>
>> for squid > 2.6
>>
>>
>
> laptop ~ # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> laptop ~ # iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 8080
> laptop ~ #
>
> I believe I had tried it, but I am trying it again, and here are the
> results:
>
> *WITHOUT-transparent*
> ERROR
> The requested URL could not be retrieved
>
> While trying to process the request:
>
> GET / HTTP/1.1
> Host: www.google.gr
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
> Gecko/20070802 Firefox/2.0.0.6
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: el,en-us;q=0.7,en;q=0.3
> Accept-Encoding: identity,gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: Close
>
> The following error was encountered:
>
> * Invalid Request
>
> Some aspect of the HTTP Request is invalid. Possible problems:
>
> * Missing or unknown request method
> * Missing URL
> * Missing HTTP Identifier (HTTP/1.0)
> * Request is too large
> * Content-Length missing for POST or PUT requests
> * Illegal character in hostname; underscores are not allowed
>
> Your cache administrator is root.
> Generated Sun, 07 Oct 2007 04:56:03 GMT by laptop.vergina.dyndns.org
> (squid/2.6.STABLE13)
>
> *WITH-transparent*
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.google.gr/
>
> The following error was encountered:
>
> * Access Denied.
>
> Access control configuration prevents your request from being
> allowed at this time. Please contact your service provider if you feel
> this is incorrect.
>
> Your cache administrator is root.
> Generated Sun, 07 Oct 2007 04:53:35 GMT by laptop.vergina.dyndns.org
> (squid/2.6.STABLE13)
>
>
>
When I gave the link
http://tldp.org/HOWTO/TransparentProxy.html
do you think I gave it so that I would read it myself?
Besides, the error message says it clearly. ACCESS DENIED
So I read from the HOWTO:
Finally, look at the http_access directive. The default is usually
``http_access deny all''. This will prevent anyone from accessing squid.
For now, you can change this to ``http_access allow all'', but once it
is working, you will probably want to read the directions on ACLs
(Access Control Lists), and setup the cache such that only people on
your local network (or whatever) can access the cache. This may seem
silly, but you should put some kind of restrictions on access to your
cache. People behind filtering firewalls (such as porn filters, or
filters in nations where speech is not very free) often ``hijack'' onto
wide open proxies and eat up your bandwidth.
I hope this helps you.
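
An added example, not part of the original message or of Squid: a small checker that evaluates `http_access` lines the way the HOWTO passage implies (first matching line decides), to confirm that a rule set admits the local machine without leaving the cache open to everyone. It handles only `src` ACLs; the ACL name `self` and all addresses are constructed placeholders.

```python
import ipaddress

def parse(conf):
    """Collect 'acl NAME src ...' networks and the ordered http_access lines."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def matches(acls, name, ip):
    """True if ip satisfies one ACL reference; a leading '!' negates it."""
    negate, name = name.startswith("!"), name.lstrip("!")
    hit = any(ip in net for net in acls[name])  # KeyError: not a src ACL
    return hit != negate

def allowed(conf, client):
    """First matching http_access line decides; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for allow, names in rules:
        if all(matches(acls, n, ip) for n in names):
            return allow
    # Nothing matched: Squid uses the opposite of the last line (deny if none).
    return (not rules[-1][0]) if rules else False

# Constructed squid 2.6 style fragments; 192.0.2.10 stands in for the
# laptop's own interface address (assumption, not taken from the thread).
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl self src 192.0.2.10
"""
OPEN = ACLS + "http_access allow all\n"
LOCKED = ACLS + """
http_access allow localhost
http_access allow self
http_access deny all
"""
OUTSIDER = "203.0.113.7"  # constructed address of an unrelated host

if __name__ == "__main__":
    for label, conf in (("allow all", OPEN), ("restricted", LOCKED)):
        for client in ("127.0.0.1", "192.0.2.10", OUTSIDER):
            verdict = "ALLOW" if allowed(conf, client) else "DENY"
            print(f"{label:10} {client:12} -> {verdict}")
```
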