[squid-users] transparent mode squid on centos 9 with iptables (part 2)

Lola Lo holitafarolito at gmail.com
Wed Nov 16 20:14:48 UTC 2022


Hi guys.


Could you please send a tutorial or any good guidance on implementing squid
in transparent mode on centos 9 with iptables?

I have configured squid.conf with these parameters:



ens192: 172.31.168.28, internet interface

ens224: 192.168.1.10, LAN interface (private network)


# My ACLs #
acl mi_red src 192.168.1.0/24
acl cliente_linux src 192.168.1.20
acl cliente_windows src 192.168.1.30
acl sitios1 url_regex "/etc/squid/listas/sitios1"
acl sitios2 url_regex "/etc/squid/listas/sitios2"

# Squid normally listens to port 3128
http_port 3128
http_port 8080 transparent


I want the “deny all” rule to get applied to test the client using the proxy.


My iptables is configured as follows:


#!/bin/bash

## NAT server configuration ##

sysctl -w net.ipv4.ip_forward=1
sysctl -p
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE




#!/bin/bash

## proxy server configuration ##

### Accepting traffic for the ports: 3128 and 8080##

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 3128 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3128 -j DROP

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8080 -j DROP

### Accepting traffic for the ports: 3128 and 8080##

iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 8080




But I got this error:


1668381894.746      0 192.168.1.20 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
1668381967.800      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.805      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.809      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.814      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.818      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.823      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.827      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.832      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.836      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html
1668381967.841      0 192.168.1.20 NONE_NONE/400 3690 - error:invalid-request - HIER_NONE/- text/html


Could you please help me solve this? I am completely new to using squid and
Linux.


I was following these sources:


• https://www.xmodulo.com/squid-transparent-web-proxy-centos-rhel.html
• https://www.maravento.com/2015/06/no-forward-proxy-ports-configured.html
• https://www.xmodulo.com/internet-connection-sharing-iptables-linux.html


You can find the logs of squid 5.5 here: squid logs
<https://epnecuador-my.sharepoint.com/:u:/g/personal/mercy_anchundia_epn_edu_ec/EaqrQJFkDfhLnEha14CIfKoBhrKZLaSTIE51t_gw0_iUZw?e=Y8xirv>
I configured the linux client with the ip 192.168.1.20/24, gateway is the
linux server: 192.168.1.10 and DNS: 192.168.1.10 and others of my ISP.

Thank you in advance for your help

---------- Forwarded message ---------
From: Lola Lo <holitafarolito at gmail.com>
Date: Sun, Nov 13, 2022 at 7:32 PM
Subject: transparent mode squid on centos 9 with iptables
To: <squid-users at lists.squid-cache.org>
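
Added example (not part of the original post and not Squid project code): a cross-check of the nat REDIRECT rules against the squid.conf listeners quoted above. It assumes that an http_port listener parses plaintext HTTP only, so port 443 traffic needs an https_port intercept listener; the function names are hypothetical and the sample input is constructed from the post's own lines.

```python
import shlex

# Constructed input: the listener lines and REDIRECT rules quoted in the post.
SQUID_CONF = """\
http_port 3128
http_port 8080 transparent
"""
IPTABLES_RULES = """\
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 8080
"""
INTERCEPT_FLAGS = {"intercept", "transparent"}  # "transparent" is the older name


def squid_ports(conf):
    """Map port -> (directive, is_intercept) for http_port/https_port lines."""
    ports = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] in ("http_port", "https_port"):
            port = int(words[1].rsplit(":", 1)[-1])  # "8080" or "addr:8080"
            ports[port] = (words[0], bool(INTERCEPT_FLAGS & set(words[2:])))
    return ports


def redirects(rules):
    """Return (dport, target_port) for each REDIRECT rule with single ports."""
    found = []
    for line in rules.splitlines():
        argv = shlex.split(line, comments=True)
        opts = dict(zip(argv, argv[1:]))  # option -> the word that follows it
        target = opts.get("--to-ports") or opts.get("--to-port", "")
        dport = opts.get("--dport", "")
        if opts.get("-j") == "REDIRECT" and dport.isdigit() and target.isdigit():
            found.append((int(dport), int(target)))
    return found


def check(conf, rules):
    """Flag REDIRECT rules whose target listener cannot handle the traffic."""
    ports, findings = squid_ports(conf), []
    for dport, target in redirects(rules):
        directive, is_intercept = ports.get(target, (None, False))
        if not is_intercept:
            findings.append((dport, target, "target is not a squid intercept port"))
        elif dport == 443 and directive != "https_port":
            findings.append((dport, target, "TLS traffic sent to plain http_port"))
    return findings
```

Calling check(SQUID_CONF, IPTABLES_RULES) on the quoted configuration reports only the port 443 rule.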