Proxy Server


7 replies to this topic

#1 sedow

Posted 10 August 2011 - 09:50 PM

A Squid proxy server is set up on a server that has 2 NICs. How will I configure the second NIC (eth1) so that my clients connected to the NIC will be proxied? Thanks

#2 Lethe

Posted 11 August 2011 - 01:04 AM

As long as the box can route traffic to the outside NIC (I take for granted one of the NICs has a public IP address) you are set. Configure stuff one step at a time, first networking then configure Squid.

Lethe.

#3 sedow

Posted 11 August 2011 - 10:45 PM

As long as the box can route traffic to the outside NIC (I take for granted one of the NICs has a public IP address) you are set. Configure stuff one step at a time, first networking then configure Squid.

Lethe.



The major challenge I have is to route internet from my outside NIC to the inside NIC. On the outside NIC I obtained an IP address via DHCP, which is a private address, and I also want to configure the inside NIC with a class C address. The box itself would act as a DHCP server on the inside NIC. I have configured the Squid server and it's working fine.

#4 Lethe

Posted 13 August 2011 - 03:29 AM

Is IP forwarding enabled on the box? (I don't take into consideration the firewall, which should be configured to allow traffic between the two NICs.) You can easily tell with:

cat /proc/sys/net/ipv4/ip_forward

If the above yields a 0 then you need to enable IP routing in the /etc/sysctl.conf file; the directive is net.ipv4.ip_forward = 1

After you make the above change you need to reboot or restart networking.

Cheers Lethe.

#5 sedow

Posted 15 August 2011 - 06:57 PM

I have tried the above steps, ip forwarding = 1 (still not working), but can you please post the networking configuration
for the two NICs (eth0 and eth1)?
Again, I think I messed up the iptables rules; below is the output of iptables.
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -J ACCEPT -p all -s 172.16.0.0/12 -i eth1
-A OUTPUT -J ACCEPT -p all -s 172.16.0.0/12 -i eth1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Please correct me if there is any misconfiguration. Don't forget that all I am trying to achieve is for my 2 NICs to communicate and send internet out from the second interface to clients. Thanks, I really appreciate your concern and contribution.

Edited by sedow, 15 August 2011 - 06:58 PM.


#6 Lethe

Posted 17 August 2011 - 05:17 PM

What I would try first of all is to disable the firewall, at least temporarily. Do this at runtime with:

iptables -F

And see if the problem lies there. If that is the case, check your rules and correct them; rinse and repeat. Another thing to do is to check that your routing table is correctly configured (easily verified with a traceroute to whatever IP address).

Cheers Lethe.
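
A read-only way to "check your rules" against the listing in post #5, added here as an example and not written by any poster in this thread: the function lints iptables-save style rules for an uppercase `-J`, an `-i` match in the OUTPUT chain, and a FORWARD chain whose only rule rejects everything. The function names `sample_rules` and `lint_rules` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only lint for iptables-save style rules (nothing is changed).

# Abridged copy of the ruleset posted in reply #5 of this thread.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -J ACCEPT -p all -s 172.16.0.0/12 -i eth1
-A OUTPUT -J ACCEPT -p all -s 172.16.0.0/12 -i eth1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# lint_rules (hypothetical name): reads rules on stdin and prints
# "<input line number>: <finding>" for each problem it recognises.
lint_rules() {
  awk '
    /^-A / {
      chain = $2; target = ""; matches = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-J")
          print NR ": -J is not an option; the jump flag is lowercase -j"
        if ($i == "-i" && chain == "OUTPUT")
          print NR ": -i cannot be used in OUTPUT; match the egress NIC with -o"
        if ($i == "-j") target = $(i + 1)
        if ($i ~ /^-[iosdpm]$/) matches++
      }
      if (chain == "FORWARD") {
        if (target == "ACCEPT") accepts++
        # An unconditional REJECT/DROP with no earlier ACCEPT blocks all routed packets.
        if (matches == 0 && accepts == 0 && (target == "REJECT" || target == "DROP"))
          print NR ": FORWARD rejects all routed traffic; no ACCEPT rule precedes it"
      }
    }'
}

sample_rules | lint_rules
```

On a live box the same function can read the running ruleset with `iptables-save | lint_rules`.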

#7 Chenchu

Posted 24 September 2011 - 05:16 AM

I would try as Lethe said, disabling the firewall.

But I would also try turning off SELinux if it is enabled:

setenforce 0

#8 Lethe

Posted 24 September 2011 - 04:54 PM

If SELinux is interfering you get a nice warning or AVC denial, AND when you install the RPM it automatically sets the proper context.

L.




