
Squid on Ubuntu Server 11.10, Hit a Wall...

post #1 of 4
Thread Starter 
Well needless to say I'm trying to set up a Squid proxy server to cache webpages to decrease bandwidth. Definitely having some difficulty getting this baby up and running. Still new to Ubuntu and Squid, but giving it a shot. Trying to set it up as a Transparent Proxy, and to also act as a DHCP server. Been following this guide:
http://www.ubuntugeek.com/setting-up-ubuntu-10-04-lucid-server-with-squid-3-as-a-transparent-proxy.html


Hopefully I've provided a fairly complete explanation of what's happening and what I'm trying to do below. If I missed anything please point it out. Also any advice or recommendations (If there's another forum that is good for Ubuntu/squid let me know).

My network:
*[LAN]*---192.168.2.0/24 network---*[Ubuntu Server]*---192.168.1.0/24---*[PIX 501]*-->*[WAN]

-I can ping on the Ubuntu interface on the PIX side via 192.168.1.250 successfully

-Unable to get an address from the 192.168.2.0 network from Ubuntu Server
-Unable to set statically an address on 192.168.2.0 network and get any communication
-Shows network resources not loading on boot:
Code:
Waiting for network configuration...
Waiting 60 more seconds for network configuration...


Setup:
Ubuntu 11.10 x86 install
Squid3
Dhcp3

Configs:

/etc/network/interfaces
Code:
auto eth0
iface eth0 inet static
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.88

post-up iptables-restore < /etc/iptables.up.rules

auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

/etc/squid3/squid.conf
Code:
http_port 3128 transparent
acl our_networks src 192.168.2.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
cache_dir ufs /var/spool/squid3 18000 16 256

Created iptables /etc/iptables.up.rules
Code:
*nat

-A PREROUTING –i eth1 –p tcp –m tcp –dport 80 –j DNAT –to-destination 192.168.2.1:3128
-A PREROUTING –i eth1 –p tcp –m tcp –dport 80 –j REDIRECT –to-ports 3128
-A POSTROUTING –s 192.168.2.0/24 –o eth0 –j MASQUERADE

*filter

-A INPUT –i lo –j ACCEPT
-A INPUT –m state –i eth0 –state REALATED,ESTABLISHED –j ACCEPT
-A INPUT eth1 –j ACCEPT
-A INPUT –p tcp –m tcp –dport 22 –j ACCEPT 
-A INPUT –j LOG
-A INPUT –j DROP
-A FORWARD –i eth1 –j ACCEPT
-A OUTPUT –o lo –j ACCEPT
-A OUTPUT –o eth1 –j ACCEPT
-A FOWARD –o eth1 –j ACCEPT
-A FORWARD –s 192.168.2.0/24 –o eth0 –j ACCEPT
-A FORWARD –d 192.168.2.0/24 –m state –state ESTABLISHED,REALTED –I eth0 –j ACCEPT

/etc/rc.local
Code:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 –o eth0 -j MASQUERADE

/etc/default/isc-dhcp-server
Code:
INTERFACES="eth1"
option netbios-name-servers 192.168.2.1

/etc/dhcp/dhcpd.conf
Code:
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.254;
option domain-name-servers 192.168.2.1, 192.168.2.2;
option domain-name "mydomain.example";

subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.10 192.168.2.100;
range 192.168.2.150 192.168.2.200;

/etc/rc.local
Code:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 –o eth0 -j MASQUERADE
exit 0
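
An added example, not part of the original posts: a small Python linter for checks that a file fed to iptables-restore has to pass before rules like the ones above can load. It flags typographic dashes (iptables only parses ASCII - and --), table sections without a closing COMMIT, appends to chains that are neither built in nor declared, and unknown state names. The name lint_rules and the sample are assumptions; the sample is constructed from lines of the posted file plus one ASCII rule for contrast.

```python
import re

# Built-in chains per table, and the state names accepted by "-m state".
BUILTIN = {
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
}
STATES = {"INVALID", "NEW", "ESTABLISHED", "RELATED", "UNTRACKED"}

def lint_rules(text):
    """Return (line_no, message) findings for an iptables-restore file."""
    findings, table, chains, no = [], None, set(), 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # start of a table section
            if table is not None:
                findings.append((no, f"table '{table}' has no COMMIT before '{line}'"))
            table = line[1:]
            chains = set(BUILTIN.get(table, ()))
        elif line == "COMMIT":
            table = None
        elif line.startswith(":"):          # user chain / policy declaration
            chains.update(line[1:].split()[:1])
        else:
            if re.search(r"[^\x00-\x7f]", line):
                findings.append((no, "non-ASCII character (typographic dash?) in rule"))
            # Normalise dashes so the remaining checks can still read the rule.
            tok = re.sub(r"[\u2010-\u2015\u2212]", "-", line).split()
            if len(tok) > 1 and tok[0] in ("-A", "-I") and tok[1] not in chains:
                findings.append((no, f"unknown chain '{tok[1]}'"))
            for i, t in enumerate(tok[:-1]):
                if t.startswith("-") and t.lstrip("-") == "state":
                    bad = [s for s in tok[i + 1].split(",") if s not in STATES]
                    if bad:
                        findings.append((no, f"unknown state(s): {','.join(bad)}"))
    if table is not None:
        findings.append((no, f"table '{table}' has no COMMIT at end of file"))
    return findings

# Constructed sample: three rules as posted, one ASCII rule for contrast.
SAMPLE = """\
*nat
-A PREROUTING –i eth1 –p tcp –m tcp –dport 80 –j REDIRECT –to-ports 3128
*filter
-A INPUT –m state –i eth0 –state REALATED,ESTABLISHED –j ACCEPT
-A FOWARD –o eth1 –j ACCEPT
-A FORWARD -s 192.168.2.0/24 -o eth0 -j ACCEPT
"""

if __name__ == "__main__":
    for line_no, msg in lint_rules(SAMPLE):
        print(f"line {line_no}: {msg}")
```

On the server itself, iptables-restore --test < /etc/iptables.up.rules parses the file without committing it.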
post #2 of 4
Ugh why are you putting another layer of NAT within your network?
post #3 of 4
Thread Starter 
Quote:
Originally Posted by beers View Post

Ugh why are you putting another layer of NAT within your network?

I won't turn down help, but could you be a little more specific? Is the nat command in /etc/rc.local unnecessary?

Or are you talking about my physical network topology...?
post #4 of 4
The topology,

It looks like you are getting natted by the router (dhcp is handing out 192.168.1.0)
And your server is handing out 192.168.2.0 (I think that's what he means ;D)


What is the default chain in iptables, and has forward been enabled on the box?