

Author Topic: Setup Linux Box as Gateway + Proxy Server.  (Read 11990 times)

Offline Avin

  • Linux Learner
  • ***
  • Posts: 54
  • L!nuX
Setup Linux Box as Gateway + Proxy Server.
« on: September 22, 2009, 07:51:26 AM »
Hi All, :)

   I am planning to configure my Linux box as a gateway and proxy server on my network, but I have some doubts. Please help me to solve this query. ???
  My LAN interface : eth1 (IP : 192.168.1.100/255.255.255.0) -- My LAN network range : 192.168.1.0/255.255.255.0
  My WAN interface : eth0 (IP : 122.169.X.X/255.255.255.0) -- Connected to Internet.

Squid/Firewall Server IP : 192.168.1.100/255.255.255.0 (I will use IPTABLES to do my filtering and NATing work)

# I am creating these rules to set this system up as a router for the rest of the LAN
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT


My Query : ??? ???
1) What is the gateway address for eth1?
2) Which interface does the Squid server listen on, eth0 or eth1? Which IP, 192.168.1.100 or 122.169.X.X?
3) If I want to open any messenger traffic, such as Gtalk or MSN, where do I configure that port, in Squid or in iptables?
4) How do I forward a LAN application as a live application? (If I want to access the 192.168.1.15:3003 application from outside as 122.169.X.X:3009.) How do I do this with iptables?
5) Can I set up a transparent proxy with the above conditions? If yes, what are the IPTABLES rules? I know the Squid configuration part for transparent proxy.

Thanks,
Avin Tokade

Offline kaushalpatel1982

  • LST CareTaker
  • Linux Learner
  • *****
  • Posts: 87
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #1 on: September 23, 2009, 11:44:20 AM »
1) What is the gateway address for eth1?
Ans : You are not required to configure any gateway for eth1.

2) Which interface does the Squid server listen on, eth0 or eth1? Which IP, 192.168.1.100 or 122.169.X.X?
Ans : After basic configuration, when you start the squid server, it will listen on both of the interfaces. You should block the squid port on eth0, as it is your internet interface, using IPTables.

3) If I want to open any messenger traffic, such as Gtalk or MSN, where do I configure that port, in Squid or in iptables?
Ans : You can configure proxy settings in most of the messengers. You do not need to configure squid for that. Assuming you have not configured the firewall to drop anything using IPTables, it will work as it is.

4) How do I forward a LAN application as a live application? (If I want to access the 192.168.1.15:3003 application from outside as 122.169.X.X:3009.) How do I do this with iptables?
Ans : A great link that answers this question, with an example : http://linux-ip.net/html/nat-dnat.html

5) Can I set up a transparent proxy with the above conditions? If yes, what are the IPTABLES rules? I know the Squid configuration part for transparent proxy.
Ans : You need to configure both squid and iptables for transparent proxy. You need to provide squid's version to get a solution.
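
The answers above (keep Squid off eth0, DNAT for the 3009 to 3003 forward, iptables plus Squid for transparent proxying) as one rule set; this is an added example, not part of the original posts. It assumes Squid's default port 3128 and adds a default-drop FORWARD policy that the thread does not mention; the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints the iptables commands for the gateway in this thread.
# Review the output, then apply it as root with:  gateway_rules | sh
WAN_IF=eth0                 # Internet-facing interface (from the thread)
LAN_IF=eth1                 # LAN interface (from the thread)
LAN_NET=192.168.1.0/24      # LAN range (from the thread)
APP_HOST=192.168.1.15       # internal application host (from the thread)
APP_PORT=3003               # internal application port (from the thread)
PUB_PORT=3009               # port exposed on the WAN address (from the thread)
SQUID_PORT=3128             # assumption: Squid's default http_port

gateway_rules() {
    cat <<EOF
# Router: hide the LAN behind the WAN address, forward LAN-originated
# traffic out, and let only reply packets back in.
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Squid listens on every interface by default: keep the Internet side
# from using it as an open proxy.
iptables -A INPUT -i $WAN_IF -p tcp --dport $SQUID_PORT -j DROP
# Port forward: WAN port $PUB_PORT reaches the internal application only.
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $APP_HOST:$APP_PORT
iptables -A FORWARD -i $WAN_IF -p tcp -d $APP_HOST --dport $APP_PORT -j ACCEPT
# Transparent proxy: LAN web traffic is redirected to the local Squid.
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# Anything not accepted above is not forwarded (set last to avoid lockout).
iptables -P FORWARD DROP
EOF
}
```

Squid itself still has to be configured for transparent operation, and the syntax for that depends on the Squid version.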

Offline Avin

  • Linux Learner
  • ***
  • Posts: 54
  • L!nuX
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #2 on: September 23, 2009, 12:14:01 PM »
Hi Kaushal,

Thanks for your help :). You have cleared most of my doubts.
My Squid version is 2.5 Stable6.
One more thing: why am I not able to access my application via its live IP from inside? I get a Connection failed error, but I am able to access the same application from outside successfully. (My external URL : http://122.169.X.X:3006). Is there any solution in iptables to redirect internal traffic so that it acts as external traffic?

Thanks again for your help ...... :) :) :)

Avin Tokade..... 

Offline kaushalpatel1982

  • LST CareTaker
  • Linux Learner
  • *****
  • Posts: 87
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #3 on: September 23, 2009, 12:33:46 PM »
Good to hear from you.

For squid, before you go for transparent proxy I suggest you upgrade it to the latest version. It is very easy to configure in that version.

For DNAT, I suggest that you do not just DNAT your internal traffic to your local server. You might not get good throughput.
It will also add unnecessary traffic on the router/firewall.

Offline Avin

  • Linux Learner
  • ***
  • Posts: 54
  • L!nuX
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #4 on: September 24, 2009, 12:17:48 PM »
Thanks again for quick reply :)

But is this possible to do in IPTABLES?
I need this only a few times, to commit the application from the live URL. If I use the local URL it fails, because the application code uses the live path. I am able to commit from outside but not from inside. I want to forward traffic for only one application. If it creates unnecessary traffic, I will remove the rule after my (commit) work is complete and add it only when I need it.

Avin..

Offline kaushalpatel1982

  • LST CareTaker
  • Linux Learner
  • *****
  • Posts: 87
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #5 on: September 25, 2009, 08:09:54 AM »
As per my understanding, you said that you have a server that you want to access from inside as well as outside. You also want to allow access to only a few of the services of the server.

Yes, it is very much possible with IPTables.

You will have to create a DMZ zone in your network. Put your server inside the zone and apply the rules according to your setup. By doing this you will have control over which services of the server to allow or deny. Your scenario will look like the link :


« Last Edit: September 25, 2009, 08:22:35 AM by LS-Admin »
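
The temporary rule asked about in this exchange (reaching the internal application through the public address from inside the LAN) needs a DNAT rule on the LAN side plus a matching SNAT, otherwise the server answers the client directly and the client discards the reply. This is an added example, not part of the original posts; the WAN address and the internal host and port behind port 3006 are not given in the thread, so they are arguments.

```shell
#!/bin/sh
# Added example: prints NAT rules that let a LAN client reach an internal
# server through the gateway's public address, and the matching removals.
LAN_IF=eth1                 # LAN interface (from the thread)
LAN_NET=192.168.1.0/24      # LAN range (from the thread)
GW_LAN_IP=192.168.1.100     # gateway's LAN address (from the thread)

# usage: hairpin_rules add|del WAN_IP PUB_PORT APP_HOST APP_PORT
# Review the output, then apply it as root with:  hairpin_rules add ... | sh
hairpin_rules() {
    [ $# -eq 5 ] || { echo "usage: hairpin_rules add|del WAN_IP PUB_PORT APP_HOST APP_PORT" >&2; return 1; }
    case "$1" in
        add) op=A ;;
        del) op=D ;;
        *) echo "action must be add or del" >&2; return 1 ;;
    esac
    wan_ip=$2 pub_port=$3 app_host=$4 app_port=$5
    cat <<EOF
# 1. A LAN client connecting to the public address is sent to the server.
iptables -t nat -$op PREROUTING -i $LAN_IF -s $LAN_NET -d $wan_ip -p tcp --dport $pub_port -j DNAT --to-destination $app_host:$app_port
# 2. The source is rewritten to the gateway so the reply returns through
#    it and is translated back; without this the connection fails.
iptables -t nat -$op POSTROUTING -o $LAN_IF -s $LAN_NET -d $app_host -p tcp --dport $app_port -j SNAT --to-source $GW_LAN_IP
# 3. Allow the LAN-to-LAN forward for this one service only.
iptables -$op FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $app_host -p tcp --dport $app_port -j ACCEPT
EOF
}
```

While these rules are in place the application sees every internal client as 192.168.1.100, so its access logs lose the real source address; running the same command with `del` removes exactly the rules that `add` created.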

Offline Avin

  • Linux Learner
  • ***
  • Posts: 54
  • L!nuX
Re: Setup Linux Box as Gateway + Proxy Server.
« Reply #6 on: September 25, 2009, 09:36:02 AM »
Thanks Kaushal..

I will try to apply this in our office.

Avin Tokade